Hacked by adding a Workplace or school account

grumpycrab · 22 February at 2:12PM

I don't know how my friends have so many problems with Windows but I've never seen this one before. Windows 10 with mcaffee. They have a local admin account only. Someone/thing had managed to add a "Workplace or school account" called [email protected] This is a dummy account as Microsoft didn't recognise the account, but real enough to be a profile in Edge and an email account in MS Outlook (Home and Business 2016).
You can probably guess what happened next. This spurious new email account sent lots of emails demanding invoice payment. This was achieved via a docx template containing the invoice text and excel spreadsheet of email addresses (NOT the computer owner's address book).
Anybody know how this account could have been created?

pramsay13 · 22 February at 3:42PM

No, I assume your friend has fallen for a phishing email or clicked on a dodgy link which has given someone access to their computer system.

grumpycrab · 22 February at 3:52PM

pramsay13 said:

No, I assume your friend has fallen for a phishing email or clicked on a dodgy link which has given someone access to their computer system.

Yes, an email seems to be the source of the issue. Doesn't look as if mcaffee traps this kind of thing. Perhaps webmail is safer?

tallmansix · 22 February at 8:54PM

Taking the laptop offline and doing a full factory reset would be my recommendation right now, doesn't matter where the malware came from, it is clearly capable of propagating more phishing emails which unfortunately will result in somebody somewhere also getting malware and potentially being hacked/losing money/data etc.

McAfee or any antivirus, in fact, isn't foolproof when it comes to phishing attempts, hackers can spin up a new domain in minutes and send a phishing email out to millions of people before any AV or ISP has a chance to detect or block it.

forgotmyname · 24 February at 11:30AM

Have they called McAfee or Paypal or Microsoft because of a popup? Have they added or any trace of anydesk or similar?

Thinking they got a fake message to call and they installed remote access software where they may still have access.

grumpycrab · 24 February at 4:05PM

forgotmyname said:

Have they called McAfee or Paypal or Microsoft because of a popup?

No, but I know somebody else who called a "mcafee agent" and paid £300 for a 10 year license. And they thought they were getting a good deal.

forgotmyname · 26 February at 5:05AM

Watched some scam baiter videos and shocked at the amount of money the scammers get. I think more needs to be
done to alert people to these scams.

MSE Forum

Hacked by adding a Workplace or school account

Replies

Did you know there's an MSE app?

Regifting: good idea or not?

Energy Price Guarantee calculator