account using Chrome from Washington DC an hour ago.

Microsoft had me change my password
I live in CA and never use chrome

I also had to change my Facebook password yesterday weird messages were sent from my Facebook account

This happened a day after I got one of those weird messages and opened it

I am on the road using my cell phone
My computers are at home turned off

That do not care one but if you are hacked.


You have been scammed it sounds like to me and likely are being hacked as we speak since you gave up passwords to someone on the telephone claiming to be Microsoft.

Microsoft will never call you they don't even have your number.

you did not follow a link from that email to reset your passwords, if so got to microsoft.com and reset your passwords immediately.

it was me, I answered no

They asked for last four of my phone number
I entered that and got a text with s security code

I had to enter that to reset my passeord

That said I would still go to the Microsoft site directly and change it again to be safe.

It sounds like a legitimate response from Microsoft but clicking links in emails to reset passwords makes me very nervous.

and that sounds about right.

I would not use the possibly compromised computer to change the passwords either.

Whoever called you was lying.

Remember, no for profit corporation ever does anything without being paid first.

Download, install and run Malwarebytes. I suspect it will find some issues.

Also Microsoft wouldn't call you to tell you somebody logged into your Chrome account. You should change your password again, especially if you gave the person your password.

It sounds like your Microsoft account was hacked.

If that is what you meant by Microsoft saying someone logged in from another area.

Your online accounts can be hacked regardless of the state of your computer.

All of that info is stored on other computers not yours.

account my computers are off it is my phone I have been using

And how much in you gave Microsoft in the first place when you created it.

I would highly encourage you to look at all off your online accounts and change passwords and enable two factor authentication where available.

They could also use access to your email account to reset passwords of other online accounts.

As someone else said you should have your computer looked at by a professional or at the very least run a Malwarebytes scan.

Two factor authentication can avoid this happening in the future.


Last bit of advise never change passwords from a link in an email go directly to the site yourself to change the password.

As well as the good advice above, if you use your email account for anything financial - online banking, shopping, PayPal, anything where account details might be available to someone who can look through your emails - you need to safeguard yourself against that being exploited.

If you do use anything like that, you may want to contact your bank; once you have access to a secure email account again, change any passwords that might have been exposed, that sort of thing.

You may need to change your social media passwords, too (including DU!) if you used that email address for registration and didn't delete the emails.

Look at the email you first received and google the from account, should be @microsoft.com.

After googling you will likely be able to figure out if the sent address is valid. If it is something like microsoft.ru or something else you are not used to seeing then back off.

... a phone call?

Many times they will email you if a new device accesses your Microsoft account, but that doesn't mean they accessed your personal computer. If your FB was hacked and you were using the same password for your Microsoft account, it's not surprising it was the next targeted.

I agree with scanning your computer or getting someone you know who is a sympathetic egghead to do it for you is a good idea, but I think people are jumping the gun on assuming this was a phone-call scam.

Microsoft does send email notifications if unknown devices log into Microsoft accounts, including sometimes your own cell phone.

http://ask-leo.com/can_my_computer_be_hacked_if_it_is_turned_off.html

and wake up on lan is enabled in bios and os it very possible. Someone would have to have set the computer for this as there are multiple steps. Short answer is yes, long answer is not very probable unless someone has had physical access and set it up for that.

Since all computer hacks generally involve changing a collection of bits on a storage device or some other non-volatile storage, it would be possible to make the "hack" on the storage device either by making direct changes to the storage ( almost impossible ) or by attaching the storage device to another computing system (or some sort) and making the needed changes there. This would require physical access to the computer to be hacked.

In any event, this is a lot of trouble to accomplish so it is not very likely.

OTOH, changing the bits on the storage device using another computing device to make the modifications would be almost undetectable ( again, assuming physical access ).

I got a similar email about a month ago. Said it was from Google but it was sent to the email address I use as a backup for my actual Gmail account. It told me that an attempt had been made to log on to one of "my" Android devices. Thing is, the email message said someone tried to access my device from another state. Also the Google email address they said was mine was not mine - remarkably similar but not the same.

The phishing email gave me a handy, clickable, Google link to change my password, only the link didn't look like any Google link I'd ever seen. I did not click it. Instead I went to Google on my own and changed my password. I went and changed the password to my backup email account too.

Here's the thing about email addresses. If you've had one for any length of time and you've done something relatively innocuous like subscribe to a newsletter or open an online account for a shop or a service, if you've even emailed your congressperson, at some point your email is going to get sold (or shared) as part of a list because email lists are assets.

Oh sure, they all slap up a boilerplate privacy statement, promising they will never sell your email but they lie. If that cool tech shop or pet supply site sells their business or the owner declares bankruptcy, of course they're going to sell their email list because email lists are assets.

I'm not saying that you need to get a new email address. Hell I have one that's going on 20 years old. What I'm saying is definitely get more than one email address but not so many that you can't keep track.

Never click on links in an email. Instead, go directly to the websites you need to deal with. Turn off the preview pane in your email software or online account. Disable auto-display of HTML and Images in your email settings. And don't open an attachment unless you are positive it's from someone you know and even then, think twice before you do it.

.

For over 10 years, the government has required the following devices to have access points for the NSA:

Routers, both home and business (ie. Cisco got caught with one last year)
Mainboards (ie. your motherboard)
Operating Systems (like MS products and government-funded versions of Linux)

Obama, expanded the blanket search order just before leaving office that allows up to one million computers to be "hacked" on one warrant. But, the computers aren't really being hacked. There are access points and gate calls that allow direct penetration into a computer within milliseconds. Obama's order expanded what could be done to those computers too. From not just accessing and extracting information, to also allowing the government to remove, delete and add code or files onto the computer(s).

Microsoft and AT&T are chief NSA collaborators. One of the reasons for the big push to Windows 10 is that it enhances data mining and adds Cortana which is difficult to fully disable. Folks with fully-licensed WIN7 computers were badgered to upgrade their operating systems to help meet this need. You had to install 3rd-party blockers to prevent the accidental upgrades to reminders from popping up. Go to EFF and do a quick find on AT&T to see how they harvest data for the NSA.

https://www.eff.org/nsa-spying

https://www.eff.org/deeplinks/2014/05/how-nsa-transforming-law-enforcement

https://www.eff.org/deeplinks/2016/08/windows-10-microsoft-blatantly-disregards-user-choice-and-privacy-deep-dive


The vPro chips further expand the access into a computer, by providing enhanced remote signon for desktop support services for company help-desks, or so claimed, yet only a handful of Non-vPro chips are offered. Most home computers are shipped with them installed. You have to actually find the CPU version on a PC/laptop for sale and go to Intel to see if it is a vPro chip, because often it is not readily known from just looking at the box or description.


Intel also has their Intel Management Engine, which a quick trip to tomshardware.com or zdnet.com will show many hits on this. Purism and Google are trying to disable this feature, because it is actually a second processor that runs a MINUX operating system on it that allows full control of a computer without leaving any traces. Purism was able to disassemble some of what this code does, so it is not speculation that Russia, China, other Nation States, organized crime or hackers could do the same.

https://puri.sm/learn/intel-me/

http://www.tomshardware.com/news/intel-me-security-vulnerabilities-patches,35971.html

http://www.zdnet.com/article/intel-weve-found-severe-bugs-in-secretive-management-engine-affecting-millions/

With knowledge of iME, ANYONE can access a computer while leaving absolutely NO TRACE they were doing it.

.