Late yesterday I found my MSOutlook (hotmail e-mail) session had been closed. There was an error message saying:
“You need to sign in. Your session has expired. You may need to enable pop-ups in your browser for this site. Sign in to continue.”
I don’t recall ever seeing this before and since it has a Sign In button and will, of course, ask for my e-mail password again I was suspicious. So I didn’t try to sign in.
I’ve just fired up my laptop and tried to log in to the hotmail account from there and access is blocked on that machine too. They’re asking me to enter a phone number so they can SMS me a verification code which will allow me to log back in to my hotmail.
If these are Bad Guys somehow coming at me via different attempts (by me) to log in to my e-mail then I’m reluctant to give them my phone number as well. But if they really are Microsoft then maybe I have to?
Does any of this make sense?
I don’t think I’ve ever registered a phone number with Microsoft for account recovery. But I have registered an alternative e-mail address.
Do you see a lock icon by the URL, or a similar symbol to indicate at least that it’s a secure connection? You can also check for https vs http at the beginning of the URL. That will at least tell you if you’re on the right domain.
MS will certainly try to steer you towards having some degree of 2-Factor Authentication set up, which is generally via a phone number.
Well the process seems to have worked. I updated the laptop and logged into hotmail, having jumped through MS’s version of Captcha and entered their SMS’d code, and now my e-mail is accessible again.
We move our money around using systems which are fundamentally insecure. The people who built (for want of a better word) them do put some effort into rectifying their flaws. But if you wanted a secure means of establishing the bona fides of the people you’re dealing with you wouldn’t start with what we have now.
Addressed to me, I was fooled for a while until I actually thought about it: the rate is just too good. Then I checked the domain - created last month.
Shame, I’ve had to use a normal bank and got far less interest. Impressed that they invested a stamp though; even second class costs a fortune nowadays.
More concerning would be if you are actually a Metro Bank customer and they have had a data breach, as opposed to the scammers buying a random address file that contains you.
I also had a fairly sophisticated one where my emails to my financial adviser were intercepted. My financial adviser ended up replying to the scammers and gave them a lot of my personal info!
Yeah, although I’m not sure what actions I could take: there’s some factually correct info there, and no passwords I currently use. I have 2FA and authenticators wherever I can.
It’s a minefield really. When I bought my car I got a call from “Tesla” saying that their servers were down and so I should make payment over the phone.
Quite a lot of effort has been spent on trying to scam me, and they have, fortunately, failed every time!
I was using the word ‘system’ very, very much more generally.
My mate was expecting a four-figure invoice from someone who’d done some building work for him. The invoice duly came by e-mail, attached as a PDF. The scammers had somehow intercepted this and altered details in the PDF. So he makes the payment he’s expecting to make but sends the money to the scammers’ account.
E-mail - it’s insecure (at least, insecure enough for this to happen), but it’s a part of today’s billing system.