Hack Attempts-MS Account Sign-in Activity

Hi every now and then when I log into my Microsoft Account on the web, I will check the Security/Sign-in Activity page. I see all my legit logins from my Android device and Windows 10 desktop, but occasionally I will see a failed IMAP sync attempt from foreign countries (Vietnam, China, Russia)- obvious hack attempts. MS shows a message for the entry: “Don’t worry, the sign-in attempt was unsuccessful”, but this bothers me that there are hackers out there attempting it.

My MS account is about as locked-down as you can make it: 2FA, no app passwords, disabled log-in for all my aliases except for one.

Is there any way to disable IMAP for a regular personal hotmail.com/live.com/outlook.com, or any other measure I can take to protect my account? Is this just the world in which we live in now and have to deal with this stuff? Thanks

Conversation 7 comments

  • harmjr

    Premium Member
    29 December, 2019 - 6:08 pm

    <p>I too have had this. I would like this feature to turn off IMApP. Plus Geo fencing. I will never in my life visit China or Russia. You can't tell me they can't do it because they built that in the Shifts App in Microsoft Teams. I would like to tell only certain IP address ranges can access my email. I would also like and think they should build it where if it comes from a non-approved IP that would automatically blacklist the IP address. But that's wishful thinking.</p>

  • wright_is

    Premium Member
    30 December, 2019 - 9:06 am

    <p>The problem is, that outlook.com is an email service, so it has to have IMAP enabled, as it is a standard mail protocol…</p><p>I haven't noticed any attempts to get into my account, but it is similarly locked down with 2FA and security keys. The hackers would need to break into your account and create a new app password in order to be able to get IMAP access.</p>

  • infloop

    Premium Member
    30 December, 2019 - 8:32 pm

    <p>"<span style="color: rgb(0, 0, 0);">Is this just the world in which we live in now and have to deal with this stuff?"</span></p><p><br></p><p>Yes.</p><p><br></p><p>Because you said you have locked it down pretty well, with 2FA and such, I wouldn't worry about it. Like the log entry says, the sign-in was unsuccessful.</p><p><br></p><p>Things like this happen nowadays, where attackers would try to get to any other accounts you may have, if your information was leaked in any of the breaches that have happened over the past decade, as people tend to re-use the same logins to multiple sites. It could also have been leaked in one we don't know yet about. Or they are just trying any account looking for easy pickings: accounts without security features like 2FA turned on. (The trade-off between security and convenience is always a battle.)</p><p><br></p><p>It is like this also for anything that is exposed to the Internet. Web applications, Secure Shell (ssh) severs, VPNs, IoT devices, networking equipment, etc. The attempts would usually show up in logs if logging is enabled. What would be concerning is if the attempt was successful, in which case it becomes a matter of how quickly you can detect it and move to limit further loss or damage.</p><p><br></p><p>If you want, you can change your password, so that even if it was leaked, it now is no longer valid.</p>

    • wright_is

      Premium Member
      31 December, 2019 - 4:13 am

      <blockquote><em><a href="#507780">In reply to infloop:</a></em></blockquote><p>We had some attempts to log into our corporate VPN in November and early December. One of my colleagues mentioned it to our boss in passing. There was a sudden uproar, how can we stop people trying to log onto our VPN, who don't work for us?</p><p>The short answer is, you can't. These services (VPN, Outlook.com) are open to the Internet by their very nature. You just have to ensure you do the best job you can to stop hacking attempts. 2FA is a good start.</p>

      • infloop

        Premium Member
        31 December, 2019 - 10:42 am

        <blockquote><em><a href="#507866">In reply to wright_is:</a></em></blockquote><p><br></p><p>Agreed.</p><p><br></p><p>If one still didn't feel at ease about attacks, then one solution is to not expose any services to the Internet. And to go even further, another option is to disconnect from the Internet and shut down the system.</p><p><br></p><p>Short of those, you just want to try to do as much as you can to slow it down and make it harder.</p>

    • techguy33

      31 December, 2019 - 11:49 am

      <blockquote><em><a href="#507780">In reply to infloop:</a></em></blockquote><p>Thanks, however it seems MS could offer additional measures as well, such as the Geo-fencing/blacklisting mentioned in the other reply. I certainly wouldn't expect MS to offer this as part of their free email service, but as a paid add-on service.</p>

  • orlbuckye

    26 February, 2020 - 10:16 am

    <p>First of all anyone can attempt to hack your account with an email address. The thing is Google and MS both let you know that someone is trying to change your PW and ask if it's you. They also send you a code to verify your identity. Your pretty safe unless you give them the code.</p><p><br></p>

Windows Intelligence In Your Inbox

Sign up for our new free newsletter to get three time-saving tips each Friday

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Thurrott © 2024 Thurrott LLC