• Compromised Hotmail account and suspicious timing

    From David@21:1/5 to All on Sat Sep 16 15:41:36 2023
    We have just discovered that a friend's Hotmail account has been
    compromised.

    Not sure how because they are normally very cautious.

    The interesting timing is because they have just bought a new laptop and I helped with the configuration, and 2FA wasn't working because the account
    had a (correct) phone number associated with it but this failed to ring
    and supply the 2FA prompt.
    [I suspect that M$ was assuming a mobile phone and tried to send a text to
    a land line.].

    Anyway we decided to change the 2FA setting to a Gmail account.
    Because of the 2FA failure a wait of 30 days was put on any further
    account activity.

    Recently (about a week ago) another email was received saying the waiting period was over.

    Today phishing emails are going out from that account.

    Correlation and causation, of course, but it does make me wonder.

    Is this ringing bells with anyone?

    Cheers



    Dave R


    --
    AMD FX-6300 in GA-990X-Gaming SLI-CF running Windows 10 x64

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Abandoned_Trolley@21:1/5 to Jeff Gaines on Sat Sep 16 17:13:25 2023
    On 16/09/2023 16:57, Jeff Gaines wrote:
    > On 16/09/2023 in message <kmm0lgF96ohU1@mid.individual.net> David wrote:
    >
    >> [I suspect that M$ was assuming a mobile phone and tried to send a text to
    >> a land line.].
    >
    > You have been able to text via a landline for 20 years now.

    And the robot even leaves a message on your answering machine (for those
    of you who can remember what that is)


    --
    random signature text inserted here

  • From Jeff Gaines@21:1/5 to David on Sat Sep 16 15:57:39 2023
    On 16/09/2023 in message <kmm0lgF96ohU1@mid.individual.net> David wrote:

    > [I suspect that M$ was assuming a mobile phone and tried to send a text to
    > a land line.].

    You have been able to text via a landline for 20 years now.

    --
    Jeff Gaines Dorset UK
    The first five days after the weekend are the hardest.

  • From David@21:1/5 to All on Sat Sep 16 17:56:43 2023
    On Sat, 16 Sep 2023 17:13:25 +0100, Abandoned_Trolley wrote:

    > On 16/09/2023 16:57, Jeff Gaines wrote:
    >> On 16/09/2023 in message <kmm0lgF96ohU1@mid.individual.net> David
    >> wrote:
    >>
    >>> [I suspect that M$ was assuming a mobile phone and tried to send a
    >>> text to a land line.].
    >>
    >> You have been able to text via a landline for 20 years now.
    >
    > And the robot even leaves a message on your answering machine (for those
    > of you who can remember what that is)

    I wonder why the phone didn't ring, then?
    Even made a call to it to confirm that it was working.



    --
    AMD FX-6300 in GA-990X-Gaming SLI-CF running Windows 10 x64

  • From Daniel James@21:1/5 to David on Sun Sep 17 00:24:26 2023
    On 16/09/2023 18:56, David wrote:
    > I wonder why the phone didn't ring, then?
    > Even made a call to it to confirm that it was working.

    IME it takes some time for BT's robots to read the text message and ring through with the voice version; from minutes to days.

    I used to have a landline phone that could handle SMS as SMS, but I
    never set it up because BT wanted money for the privilege and I had a
    perfectly good mobile for that sort of thing.

    Last time I had to buy a new landline phone I ended up getting one that
    doesn't handle SMS. Progress, I suppose ...

    --
    Cheers,
    Daniel.

  • From David@21:1/5 to David on Tue Sep 19 18:52:37 2023
    On Sat, 16 Sep 2023 15:41:36 +0000, David wrote:

    > We have just discovered that a friend's Hotmail account has been
    > compromised.
    >
    > Not sure how because they are normally very cautious.
    >
    > The interesting timing is because they have just bought a new laptop and
    > I helped with the configuration, and 2FA wasn't working because the
    > account had a (correct) phone number associated with it but this failed
    > to ring and supply the 2FA prompt.
    > [I suspect that M$ was assuming a mobile phone and tried to send a text
    > to a land line.].
    >
    > Anyway we decided to change the 2FA setting to a Gmail account.
    > Because of the 2FA failure a wait of 30 days was put on any further
    > account activity.
    >
    > Recently (about a week ago) another email was received saying the
    > waiting period was over.
    >
    > Today phishing emails are going out from that account.
    >
    > Correlation and causation, of course, but it does make me wonder.
    >
    > Is this ringing bells with anyone?

    Update: I found a phishing email claiming to be from Microsoft dated the
    day the compromise happened.
    One of those "timing" things where an email from Microsoft was expected.
    No admission from my friend, but circumstantial evidence looks pretty
    solid.
    Microsoft provide a security log for the account which showed a successful
    log in from Nigeria at the expected date, then further successful log ins
    from other devices around the world.

    I reset the password using the newly activated 2FA with a Gmail address as
    the second channel.

    I then had a head scratcher because emails were going out but not being received.
    Being out of practice it took me a while and some Internet searching (Bing
    not Google) to remind myself about redirects.
    I looked at the configuration page for the Hotmail account using Outlook
    web and there was no redirect showing.
    However when I set up another redirect it all sprang back to life.
    I cleared the redirect and all still seems to be working.

    In this case, no real harm done as the subsequent phishing of the contacts
    for Amazon gift vouchers for someone apparently in Canada were not
    convincing.

    Also fortunately my friend doesn't shop or bank on line.
    Think Luddite.
    So the email address could not be used to reset credentials on web sites
    which could then be used to buy stuff.

    All in all a salutary tale, and a reminder to be double wary if you are expecting an email.


    Cheers



    Dave R



    --
    AMD FX-6300 in GA-990X-Gaming SLI-CF running Windows 10 x64
