I was hacked!

[Silver_Shiney]

I tried that number but was just put on hold - after 8 minutes I gave up. Just contacted Hotmail's help desk and they said the alert sounded kosher.

Still shaking though.

Sorry, I should have remembered that a colleague a few years ago was on hold for several hours before they answered. Still, the cost of the call came out of the defence budget!

[Quizzical Bob]

Always best to be safe Anne. If you'd like to forward the email on to me I will examine it for you. (No bank details please )

I'll send you a pm.

[anneed]

Just ran a FULL scan and it detected two Trojan viruses and a hacktool! They have now been removed and I have since changed my passwords for email and bank yet again.

Bob, that's kind of you. How do I forward the message though? Don't I need your email?

[Manoverboard]

You are doing all the right things now ...

re the e-mail id / content - just wait for the PM ( located top right ' Private Messages ' ) from QB.

[anneed]

Thanks, Manoverboard, I feel really shaken by this.

I think it WAS a scam - my theory is that someone inserted the hack tool and then created the 'unusual activity' to provoke a genuine alert from Microsoft. They were probably then able to detect my keystrokes for the new passwords.

If it wasn't for you guys I would have blindly carried on giving them all the info they needed to rob me. What a wonderful thing this forum is.

THANK YOU ALL SO MUCH.

[Manoverboard]

For completeness ... did you contact your Bank ?

ps ... Moby or MOB will do nicely

[oldbluefox]

Really pleased that our online 'experts' were able to help you Anne. There are quite a few good articles on the web with advice on how to spot scam emails and what to do with them, plus a few do's and don'ts.
It is very easy to be sucked in by them but good security software and awareness from sites such as this should help and give you more confidence.

As well as Windows Defender for antivirus I also use Spybot and Malwarebytes, all for free.

[Silver_Shiney]

Just ran a FULL scan and it detected two Trojan viruses and a hacktool! They have now been removed and I have since changed my passwords for email and bank yet again.

Bob, that's kind of you. How do I forward the message though? Don't I need your email?

What software did you use to detect and remove the trojans? Just interested in seeing if it's better than what I'm using!

[anneed]

Windows Defender. When I ran the quick 20-minute scan it didn't find anything. The full scan took over an hour but boy am I glad I used it.

[anneed]

Oh and I did try to contact my bank but it was just before closing and I was put through to the 'branch support' person. He said they wouldn't do anything unless I reported actual illegal activity on my account but did say they had a good security team that monitored unusual activity.

Trouble is I'm feeling suspicious of everything and everybody now - was he REALLY a bank support person?? I will call in to the bank in person as well.

[Silver_Shiney]

No, he was genuine and the banks do monitor unusual activity, and they are very good at contacting account holders if they spot anything untoward. Rest easy, dear lady.

[Silver_Shiney]

Windows Defender. When I ran the quick 20-minute scan it didn't find anything. The full scan took over an hour but boy am I glad I used it.

Thanks

[anneed]

Thanks Alan, and Moby, your soothing words have helped although I still feel somewhat jittery. Think I'll go and make a nice cup of tea (how British) as I've lost my appetite after all that.
I haven't been posting on here for a while so it's just so, so lucky that I decided to tell you all what had happened.

[Kendhni]

If you seriously think you have been hacked then I would suggest you run a couple of other tools on your system. Windows Defender is OK but it's current detection rate is not the best. I would suggest trying the following (all are free downloads and light on resources)
Malware bytes (https://www.malwarebytes.org/)
Spybot Search and Destroy (https://www.safer-networking.org/dl/)
And consider also running a different virus detector such as AVG (http://free.avg.com/gb-en/homepage) or Avira (sorry max number of urls reached)


I agree with others that say you should not rely on links in unsolicited emails to reset passwords but if you hover over the link then the actual URL will appear at the bottom left of most browsers ... read this carefully (very carefully) and if it goes to where you expect it to go to then it should be OK. However I would also recommend that if you have used a link to reset a password then the first thing you do is go back in through your normal route and reset the password again.

[Silver_Shiney]

Wise words!

[Meg 50]

If you seriously think you have been hacked then I would suggest you run a couple of other tools on your system. Windows Defender is OK but it's current detection rate is not the best. I would suggest trying the following (all are free downloads and light on resources)
Malware bytes (https://www.malwarebytes.org/)
Spybot Search and Destroy (https://www.safer-networking.org/dl/)
And consider also running a different virus detector such as AVG (http://free.avg.com/gb-en/homepage) or Avira (sorry max number of urls reached)


I agree with others that say you should not rely on links in unsolicited emails to reset passwords but if you hover over the link then the actual URL will appear at the bottom left of most browsers ... read this carefully (very carefully) and if it goes to where you expect it to go to then it should be OK. However I would also recommend that if you have used a link to reset a password then the first thing you do is go back in through your normal route and reset the password again.

After I was hacked, I used several of these freebie sites as they all seem to pick up different things. Downloaded them one at a time and uninstalled before trying the next!

[anneed]

I took my PC into the John Lewis tech desk this morning and they have given it a clean bill of health. I was worried again because a message popped up on the Action Center link at the bottom of my screen asking me to 'click here to enter your most recent password'. That's the last thing I wanted to do but the John Lewis chap said this really was Microsoft and I should go ahead.

When I changed my passwords I went into the website that always comes up as an option when I mis-type my password. Does that sound OK?

I appreciate the suggestions for extra tools but I'm reluctant to put anything on my PC now.

By the way, the John Lewis teccy raved about Windows 10 and said I shouldn't be a wimp about upgrading to it. Will think about that when I've recovered from all this!

[Boris+]

Good luck with the upgrade - I'm still thinking about it, but I've only just got Windows 8.1 and I like it.

Well done for getting it all sorted, and I sincerely hope it doesn't happen again.

[Silver_Shiney]

Ann, the software applications Ken recommends are all genuine and will help to protect you in the future. Please do not be scared of installing them - they will exist alongside each other quite happily.

[melsea]

I get emails quite a lot telling me I have been locked out or that my bank account has been locked. I just ignore them since most of what they send I don't even have an account with the said mention in emails. Even if I do I just delete them send them to juck and if able I can block them when I go to the full site on the internet.
I am a little paranoid so am always aware of these things.
As said above do add the malware. Be brave but be aware as well.

[Raybosailor]

I did get a few missed calls from an unknown number while out in Spain last year followed by a text from Mastercard fraud department which I thought was a bit iffy but you have to check don't you ? so I phoned my son, no not to talk to him but make sure I wasn't connected to a rogue number. Then I phoned the lost card number on the back of my credit card which I know is safe and told them of my calls and texts so they directed me to the fraud department who asked me a load of questions about my card transactions in the last week. Someone had used my card details to try and obtain goods and services for about £800.00 but the card security system spotted irregularities in the transactions (don't ask me how this works) and the transactions were declined.

We had our cards cancelled which could have been a problem as we were in the first week of a month on holiday but I have a Post Office credit card that I use abroad anyway so we survived on that which didn't please Cheryl as she only had the joint card that was cancelled ooh the feeling of power that card gave me for 3 and a bit weeks.

When we got back we had a large brown envelope waiting for us which contained the fraud report and we had to fill in a statement to prove that the transactions were not made by us and we even had to show proof that we were abroad at the time of the offence.

You can never be too careful so if you see an email that looks suspicious don't open it but hover your cursor over it without clicking and it should show the email address of the sender and your bank or building society never send messages asking to verify your details.

I have 7 email addresses and all have a purpose one of them my son and daughter don't even know about.

[Silver_Shiney]

melsea, it's always worth forwarding those emails to the banks (making sure the extended headers are included).

I used a comparison site for scooter insurance last yeat and since have had many calls from ambulance chasers about the accident I had in my car with the scooter number... Like raybo, I'm going to have one email address which will be used only for those sites, and I've also bought a mobile phone from a car boot sale which will be used only for the same thing. Thinking about it, if I create a disposable address which includes the name of the comparison site, I'll know which one has sold my details and I can report them to the ICO.

The lad who phoned me from the ambulance chaser was led a merry dance for 10 minutes while I spun him a yarn. He was so keen to get his hands on my money that he didn't notice any inconsistencies in my story. Once I had to stop it, he was livid and said he'd put me on every spam list he could find.

[Manoverboard]

It is good practice to provide your Bank / Credit Card Provider, via Online Banking, with a mobile phone number. They will text you if and when they spot an irregularity. They know your name / postcode whereas the crook doesn't, they will NEVER ask for passwords but will simply ask you to contact them on the number shown on your statement if the payment shown on the text is in any way thought to be fraudulent.

Detecting fraud transactions is a complex matter but in some ways quite simple, to illustrate .... look at your statement(s) and you will see that most of your transactions are repeat / regular payments of one sort or another and that there are very few, if any, to somebody entirely new. If there are any then those payments will reflect your life style profile or are being paid to legit traders .... any that remain will stand out like a sore thumb ( and be flagged on the Bank / Card provider's processing systems ) due to the type of transaction, its location or in some cases they will be part of a repeating short term pattern of fraud from the same Merchant ... a part time rogue waiter operating in a restaurant for example.

[Meg 50]

I get emails quite a lot telling me I have been locked out or that my bank account has been locked. I just ignore them since most of what they send I don't even have an account with the said mention in emails. Even if I do I just delete them send them to juck and if able I can block them when I go to the full site on the internet.
I am a little paranoid so am always aware of these things.
As said above do add the malware. Be brave but be aware as well.

I always forward these emails to the phishing dept of the relevant institution.

[Meg 50]

If you right-click on the email and select 'view source' you can see where the proposed link will redirect you.

is that view page source?

It comes up with vast quantities of stuff relating to my email, and nowt about the sender - unless I'm looking in the wrong place?