son's hacked email account advise

Nic-nfr74

Original Poster:

5 posts

Yesterday (13:30)
So my son has an Outlook email address - he has had one of these emails saying we have your password and have downloaded your computer files etc and will show your family all the nasty things if you do not pay us $1000

So happy he has told us as he was panicking

He has changed his password (as the email showed they have his old password) - he is now going through changing all of his passwords, but he has told me that none of them were the same as the outlook one.

But he is still getting the same email over and over- I have sent it to junk, but as there is no sender email we cannot block it.

Any advice of what we can do? He woke up to 40 of the emails this morning

Thanks in advance

Garemberg

447 posts

108 months

Yesterday (13:36)
Ignore it, total bks. It's scraped some details of a known data breach including the password.

As long as you have actually changed the password it's fine

Pitre

5,477 posts

253 months

Yesterday (13:39)
Expert(*) advice is as follows:-
(* not mine)

If you have received a ransom demand email claiming your Outlook account has been hacked, it is likely a scam, often referred to as sextortion or a Bitcoin scam, where attackers use old passwords from data breaches to intimidate victims. The email may appear to come from your own address due to email spoofing, where the sender disguises the origin to appear legitimate.

Do not respond to the email, click on any links, or send cryptocurrency, as this encourages further attacks and does not guarantee the threat will stop. Instead, take the following steps to secure your account:

1. Use a trusted device to log in to your Microsoft account at account.live.com
2. Go to "Security" and change your password to a strong, unique one
3. Under "Manage Sign-in Methods," use "Sign out everywhere" to log out of all active sessions
4. Review the "Devices" section and remove any unrecognized or suspicious devices
5. Enable two-step verification using an authenticator app on your phone to add an extra layer of security
6. Check your mailbox settings at outlook.live.com for any unauthorized forwarding rules or email filters, and delete them if found
7. Review "Apps and services you've given access" and remove any unfamiliar or suspicious third-party permissions
8. Report the ransom email directly from outlook.live.com using the Help - Feedback - Report Problem feature

Additionally, run a full antivirus and anti-spyware scan on your devices to ensure they are not compromised. Remember, scammers rely on fear and anxiety to manipulate victims, so staying calm and following these steps is the safest approach.


Good luck....

Nic-nfr74

Original Poster:

5 posts

Yesterday (13:40)
thank you

I was hoping that was the case - and I just need to put his mind at rest

Is there anything we can do to stop the emails arriving? or blocking them etc etc??

.:ian:.

2,670 posts

222 months

Yesterday (13:40)
Almost certainly nonsense. What they do is get email addresses and passwords from various leaks and then spam them all with emails like these with the password as "proof".
Check his email on https://haveibeenpwned.com/
It's unlikely they even bothered to check if the password worked with the email login; it's much more profitable to just blast out a million emails and hope a few cough up the cash (well, bitcoin).

I used to get them with a password from a LinkedIn data breach.


768

18,192 posts

115 months

Yesterday (13:43)
Nic-nfr74 said:
So my son has an Outlook email address - he has had one of these emails saying we have your password and have downloaded your computer files etc and will show your family all the nasty things if you do not pay us $1000

So happy he has told us as he was panicking

He has changed his password (as the email showed they have his old password) - he is now going through changing all of his passwords, but he has told me that none of them were the same as the outlook one.

But he is still getting the same email over and over- I have sent it to junk, but as there is no sender email we cannot block it.

Any advice of what we can do? He woke up to 40 of the emails this morning

Thanks in advance
The email actually had his password in it, or just claimed that?

John D.

19,748 posts

228 months

Yesterday (13:47)
768 said:
Nic-nfr74 said:
So my son has an Outlook email address - he has had one of these emails saying we have your password and have downloaded your computer files etc and will show your family all the nasty things if you do not pay us $1000

So happy he has told us as he was panicking

He has changed his password (as the email showed they have his old password) - he is now going through changing all of his passwords, but he has told me that none of them were the same as the outlook one.

But he is still getting the same email over and over- I have sent it to junk, but as there is no sender email we cannot block it.

Any advice of what we can do? He woke up to 40 of the emails this morning

Thanks in advance
The email actually had his password in it, or just claimed that?
What is the scam if he can simply reset his password?

Pincher

9,736 posts

236 months

Yesterday (13:51)
Ignore it, I'd say - this one was doing the rounds a few years ago from memory.

Just do a google search on the text of the email to see what it throws up.


egomeister

7,359 posts

282 months

Yesterday (13:55)
768 said:
Nic-nfr74 said:
So my son has an Outlook email address - he has had one of these emails saying we have your password and have downloaded your computer files etc and will show your family all the nasty things if you do not pay us $1000

So happy he has told us as he was panicking

He has changed his password (as the email showed they have his old password) - he is now going through changing all of his passwords, but he has told me that none of them were the same as the outlook one.

But he is still getting the same email over and over- I have sent it to junk, but as there is no sender email we cannot block it.

Any advice of what we can do? He woke up to 40 of the emails this morning

Thanks in advance
The email actually had his password in it, or just claimed that?
It will show a password, that as others have said will have come from a previous hack and been recycled for this scam. In my case years ago it was one from a dropbox hack

OP: As said, if this is the case and you have changed the email password there shouldn't be any issues. Also ensure that any other accounts with the same credentials are changed (preferably to unique passwords). For mine, I had used the same login for Spotify and I had someone playing random crap hip-hop for a while until I figured it out.

If the password is somewhat "passwordy" - ie, not likely to be seen in a typical email, you could probably set up a mailbox rule to send anything containing it direct to trash.
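
Added example, not part of the thread or any poster's own code: a sketch of the mailbox rule suggested above, combined with a check for the spoofed "from your own address" case described in the earlier advice post. It assumes the receiving provider stamps an Authentication-Results header; the sample message, the addresses and the password `hunter2-old` are constructed.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample (not from the thread): From is forged to equal the
# recipient, and the receiving server recorded failed SPF/DMARC checks.
SAMPLE = (
    "Authentication-Results: mx.example.net; spf=fail "
    "smtp.mailfrom=bulk.example.org; dkim=none; dmarc=fail\n"
    "From: son@example.com\n"
    "To: son@example.com\n"
    "Subject: I have your password\n"
    "\n"
    "Your password is hunter2-old. Pay $1000 in bitcoin.\n"
)

def auth_results(msg):
    """Map each check (spf, dkim, dmarc) to its verdict, e.g. 'fail'."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        # First ';'-separated field is the server id; the rest are checks.
        for part in str(header).split(";")[1:]:
            method, _, rest = part.strip().partition("=")
            if method and rest:
                verdicts.setdefault(method.lower(), rest.split()[0].lower())
    return verdicts

def triage(raw, retired_passwords):
    """Return ('junk' | 'inbox', reasons) for one raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    recipient = parseaddr(str(msg.get("To", "")))[1].lower()
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    reasons = []
    # A mail "from yourself" that did not pass DMARC was not sent by you.
    if sender and sender == recipient and auth_results(msg).get("dmarc") != "pass":
        reasons.append("From equals To but DMARC did not pass (spoofed)")
    # The mailbox rule: match only passwords that are already changed.
    if any(pw in text for pw in retired_passwords):
        reasons.append("body quotes a retired, breached password")
    return ("junk" if reasons else "inbox"), reasons

if __name__ == "__main__":
    print(triage(SAMPLE, ["hunter2-old"]))
```

Only an Authentication-Results header added by your own mail provider is trustworthy, and the rule should list only passwords that are no longer in use anywhere, since it stores them in plain text.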

MikeGTi

2,627 posts

220 months

Yesterday (14:11)
egomeister said:
It will show a password, that as others have said will have come from a previous hack and been recycled for this scam. In my case years ago it was one from a dropbox hack

OP: As said, if this is the case and you have changed the email password there shouldn't be any issues. Also ensure that any other accounts with the same credentials are changed (preferably to unique passwords). For mine, I had used the same login for Spotify and I had someone playing random crap hip-hop for a while until I figured it out.

If the password is somewhat "passwordy" - ie, not likely to be seen in a typical email, you could probably set up a mailbox rule to send anything containing it direct to trash.
This is the answer. They just use passwords from old breaches to give the threat credibility.

Might be worth running your son's email address(es) through Have I Been Pwned to see where/when it may have been compromised and if any other addresses are potentially compromised.

But as egomeister says, ignore, change passwords to unique ones, enable MFA on every account possible, carry on.

Nic-nfr74

Original Poster:

5 posts

Yesterday (14:29)
Again thanks everyone

he showed me the email and it did show his old password within the email ( I guess as proof!!! )

Anyway, when he gets home tonight I will run through each step as suggested and check everything with him.

I am glad he came to me to let me know as I think he was silently panicking.

Some really good stuff and great support from you all. thanks again

egomeister

7,359 posts

282 months

Yesterday (14:34)
Nic-nfr74 said:
Again thanks everyone

he showed me the email and it did show his old password within the email ( I guess as proof!!! )

Anyway, when he gets home tonight I will run through each step as suggested and check everything with him.

I am glad he came to me to let me know as I think he was silently panicking.

Some really good stuff and great support from you all. thanks again
I panicked a bit, but backed myself to not have been doing the unspeakable things in front of the webcam at least... hehe

In my case I figured it out when I realised that while the password was legit, it wasn't a password that was linked to the email or anything that they might plausibly have access to. Checking on Have I Been Pwned confirmed the source of the info was another data breach.

Good your son got you involved, and a good opportunity to go through password hygiene etc and get all his accounts properly secured.

eeLee

966 posts

99 months

Yesterday (20:30)
tell him to download and connect MS Authenticator to his account and go passwordless.....

Nic-nfr74

Original Poster:

5 posts

Yesterday (22:31)
Thanks again

Been in and checked everything. Seems fine now. A few weird sent emails. No strange rules or devices on the account. Everything logged out too.
Plus as suggested authenticator set up as well

Feeling a lot happier

wyson

3,853 posts

123 months

Yesterday (22:36)
Install an authenticator app on your phone and 2FA everything.

Even if they have your real password, they won't be able to log in.

Data breaches are a given and this is the only reasonable protection.

MitchT

16,982 posts

228 months

Yesterday (22:38)
I've had a couple of those. Sent to my email containing, presumably as proof, an old password that I used to use and which was leaked in a breach of LinkedIn. Basically "pay us loads of bitcoin or we'll send your family a capture from your webcam of you enjoying gentleman's movies". It's a common scam. They have nothing on you. Make sure your passwords are all different and the one in question has been changed. Then crack on with your life.