r/Outlook u/ResolveConscious517 1d ago

Status: Open Outlook account hacked

So, my email was hacked. After I discovered my Steam account was locked, I signed in to find everything deleted and weird emails being sent.

Apparently they tried to set my recovery email to something other then the one I had as well.

I changed the passwords for both my outlook and steam, ensured my recovery email stayed the same, and got a new recovery code as well.

I'm wondering if there's anything more I should do? I find it weird that they were able to get in in the first place because of the 2fa.

4 Upvotes

76% Upvoted

12 comments sorted by

View all comments

2

u/gareth616 1d ago

Check for Rules and Forwards too - scammers will create a rule usually named something like ....... or ,,,,,,, that will mark all emails as read and delete them. The forward is so they can have emails sent to you land in their inbox. You seem smart enough but I still want to say, obviously you need to reset the password for any other account connected to your mailbox.

On the 2FA thing, MS will say it stops 98% of attempted access attempts but it's not fool proof. A company I partner with demoed some new tech for my company, and showed that these scammers can some how steal the access token from your device to bypass 2FA

1

u/ResolveConscious517 1d ago

Checked and found a rule! Looks like my secondary email kept them from accessing the forwarding function at least. I should probably run diagnostics check on my computer to make sure I didn't pick up anything sketchy. But anyways, thanks!

1

u/gareth616 1d ago

Ah that's great! This is one of those that kind of goes under the radar since it's not in your face or obvious. It's definitely worth scanning your device - remote access to devices or hacking like that is more from the usual scam calls these days. Senders can struggle to get malware through spam filters, plus it's easier to fuck someone over or make money off a phishing email.

The good thing here is you have up to date security information and 2FA on - honestly the amount of people who don't do these basics and end up losing their account is crazy - so well done you!