{myadvertisements[zone_1]}
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Does my computer have a virus?
#1
Can anyone help me with this.  I have just spent hours creating a new main email account, and trying to sort this mess out. Right now I have a splitting headache and can't eat or sleep.

This morning I got an email purporting to be from Microsoft.  The email account I have had for years is Microsoft Outlook, previously Hotmail.  The address on the email was reply_to@accountprotection.microsoft.com

I googled it and the first entry is Microsoft's own advice page, which says you can trust emails with the suffix @accountprotection.microsoft.com.

It was saying my outlook email account had been accessed, unusual sign in activity, by somebody in another country with a different computer and IP address, and if this was me click yes and if not click no.  I clicked no and it just sent a reply email to signins-activity-alerts@hotmail.com

That second address looked very unprofessional.

Throughout today my MacBook Mail Server has been beeping with notifications of new messages in my Inbox, as I have been deluged with spam like never before, and spam has never gone into my Inbox before, it always went directly to my Junk folder.

I later today found that something tampered with my settings so that junk went into my inbox, I re-set that and now the junk is going into my junk folder.  I find it scarey that they could tamper with that setting!

Someone I know advised me the spammers could have downloaded an Executable by my clicking "no" on that email, it could be something like ransomware or data mining where they can see you entering data on websites, and to change all passwords on a different device. I phoned Apple and they didn't think I was at risk for malware or viruses, but it is still scary that the spammers could alter my junk mail settings on my MacBook Mail Server so that their junk started going into my Inbox.

I phoned Apple for help, and they were re-assuring about malware and viruses, and gave some help with setting up a new, non-Microsoft email account on my MacBook Mail Server. Though I need to contact them again as I am still getting emails to my old email address sent along with emails to my new one, though thankfully junk is now going into the junk folder again, and I don't get continuous beeping for junk mail going into my inbox.

It is possible that my MacBook Mail Server setting to put junk in my Inbox got altered later on as I have been struggling to get my new non-Microsoft email account onto my MacBook Mail Server. I may have inadvertently altered a setting.

I am still getting my old outlook email address appearing on my emails. It is still a partial mess that I need to sort out.

I took my friend's advice not to delete the old outlook account, as it contains a lot of information I will need for a long time, including contacts I need to inform of my new email address.

So angry at Microsoft for allowing spammers to use their suffix, when I dug further it seems this has been known about for at least 6 years, and the top Google entry is Microsoft's own, assuring people that this suffix can be trusted. I will never, ever touch anything by Microsoft again, not their computers with crappy Windows 10 or their email accounts.
Reply
{myadvertisements[zone_3]}
#2
This is my theory...

The "from" address on the original email was likely hacked. This information is just grabbed from part of the email header. It is not that difficult for someone to send a doctored email so that it looks like it came from anyone that they want.

What is important is to look at the address of the link in your email. I use Thunderbird, and when I have an email with a link in it, I just move my mouse over the link without clicking on the link, and look at the address of the link (for me, it comes up at the bottom status bar of my email window). If that looks OK (the link address should have the same domain as the sender's link, or another valid site if they happen to be linking to another site, like with news articles), then I click on it. Try to find this address - for me, I can also right click on the address and choose "copy link address" and paste it in a text program to just see what's there.

What I assume happened is this:
  1. A spammer sent out a bunch of emails to email addresses that they just generated, or scanned from the web.
  2. In this "official looking" email, they included a link (your yes/no option) that went to their bogus site.
  3. This bogus site collects stats on these clicks, which will inevitably include information regarding your email address.
  4. They now have an email address that is a) valid, b) active, and c) has a user that will read emails and sometimes click on links.
  5. So now they start sending spam to this new address.
So probably not a virus on your end, just a spammer that got your address from that initial bogus email.

I have no idea how your options changed in Outlook (I avoid outlook like the plague). Microsoft often issues updates that muck around with your preferences. This may just be a coincidence that this happened.
Reply
{myadvertisements[zone_3]}
#3
(10-28-2021, 12:48 AM)brunt Wrote: This is my theory...

The "from" address on the original email was likely hacked. This information is just grabbed from part of the email header. It is not that difficult for someone to send a doctored email so that it looks like it came from anyone that they want.

What is important is to look at the address of the link in your email. I use Thunderbird, and when I have an email with a link in it, I just move my mouse over the link without clicking on the link, and look at the address of the link (for me, it comes up at the bottom status bar of my email window). If that looks OK (the link address should have the same domain as the sender's link, or another valid site if they happen to be linking to another site, like with news articles), then I click on it. Try to find this address - for me, I can also right click on the address and choose "copy link address" and paste it in a text program to just see what's there.

What I assume happened is this:
  1. A spammer sent out a bunch of emails to email addresses that they just generated, or scanned from the web.
  2. In this "official looking" email, they included a link (your yes/no option) that went to their bogus site.
  3. This bogus site collects stats on these clicks, which will inevitably include information regarding your email address.
  4. They now have an email address that is a) valid, b) active, and c) has a user that will read emails and sometimes click on links.
  5. So now they start sending spam to this new address.
So probably not a virus on your end, just a spammer that got your address from that initial bogus email.

I have no idea how your options changed in Outlook (I avoid outlook like the plague). Microsoft often issues updates that muck around with your preferences. This may just be a coincidence that this happened.

Thanks.  I should have changed email provider long ago, I have put up with spam for so long.  I didn't because I have used hotmail/outlook since I started using the internet around 2003 and couldn't get used to the format of other providers, though I have used outlook through the Apple Mail Server for a few years now, and my new email provider looks exactly the same format as before.  Neither have ads or clutter.  Apple is worth its weight in gold sometimes.  I found a username that my contacts recognise as me.  I need to iron out the problem of my old email address still being displayed on half the emails, and still getting the spam addressed to the old email address coming through on the Apple Mail server.

My whole experience of Microsoft is that it is crap, they shouldn't be telling people to trust their suffix and like you said that can easily be spoofed.

I will look into how I can check for viruses without trusting all the con artists who try to get you to download their virus cleaner.  Apple Macs have such good security I can't think why some nobody little company with a virus cleaner could better Apple.
Reply
{myadvertisements[zone_3]}
#4
It is so weird. I haven't completely deleted that old email address, though I did change its password, and when I checked back there are lots of spam emails in my focussed inbox and all the emails that I want are in my other folder. (On the Apple Mail server this translated to Inbox and Junk) I don't know how the spammers managed to do that. I don't think they have my password. All I need to do is check my Other folder, and even my Junk folder, and ignore my Focussed folder.

By the way, I suppose everyone here knows you can check your email address for breaches here https://haveibeenpwned.com

Be careful that this website has the https:// and any security indicators, as it looks like a target for copying. In itself it is apparently a trustworthy site.

It doesn't make it clear exactly what constitutes a breach, whether it is just the email address or the password too.

And weirdly, as I was clearing up this mess generally I found that some of the unimportant secondary email addresses that I use even though the email addresses are clear their passwords have been compromised. I only use these email addresses for things that don't matter.
Reply
{myadvertisements[zone_3]}


Forum Jump:


Users browsing this thread: 1 Guest(s)
{myadvertisements[zone_2]}