Microsoft wont let me in my email anymore

[JanJansen]

Hi, i am no longer allowed in my email,
i registered at many forums and shops with my email adress, is it going to be a problem ?
How can i hack my own email ?

They say they want my credit card to verify my age, while i find this online :
https://cloudblogs.microsoft.com/microsoftsecure/2013/08/01/microsoft-wont-ask-for-your-credit-card-to-unblock-your-email-account/

It says :
I’m getting messages from Microsoft about my email account. The messages say that my account is blocked and I can only unblock it with a credit card number. Is this legit?

No, these messages sound like a phishing scam, a type of identity theft designed to steal your personal information, such as credit card numbers, passwords, account data, or other information. Never provide personal information in response to requests like this. In fact, it’s best not to respond at all. Instead, delete the email message and report it.

If you can’t access your email account, get information on how to recover your hacked account.


I dont know what to do, any advice for me ?, i am a emailless person now.
thanks

[BravoV]

If you can’t access your email account, get information on how to recover your hacked account.

I dont know what to do, any advice for me ?, i am a emailless person now.
thanks

I don't use Microsoft email, but my personal emails hosted on popular free email hostings, they have feature to reset password through confirmation by my registered cell phone, of course you need to enable this option 1st before hand.

Infact my emails account will instantly notify me if there is any login occurred at new device that has not been approved by my self before, and it simply offers me to allow or either kill it.

[IanB]

Your message is not very clear, so it is hard to respond.

Are you saying you are entering your correct username and password and the account will not allow you to log in?

Normally if this were to happen the action would be to use a password recovery mechanism. The recovery mechanism may involve a secondary email address, a mobile phone number and text message, the answers to various security questions or similar. If none of these are successful you would have to contact customer support for advice.

You may be able to get more specific advice from this forum if you tell us which specific email service you are locked out of (hotmail? outlook.com? other?)

[Andy Watson]

Definitely a scam.

Try resetting your password:
https://support.microsoft.com/en-us/help/12429/microsoft-account-sign-in-cant

Also, determine how you've been locked-out and phished - have your got a virus or other malware on your computer?
Double check that the address/URL that you are using for your email is correct - letter for letter - and not a spoof page.

[BravoV]

The OP's quest made me suspect he run out of recovery options like didn't put 2nd email, phone, forgot recovery question and etc, as these are pretty straight forward.

[DC1MC]

Hi Jan, it's sad to see    that in 2018 there are still people using windows for online stuff, in the age of hundred gigabytes SSDs where you could have made a small 100GB partition, install Ubuntu or Linux Mint and surf worriless  . If you need to use some MS  only program, boot on windows and use it, but don't go online, or you'll get p0wn3d, in the best case you'll mine coins and spread propaganda and spam, in the worst case you'll lose all your money and get you identity stolen.
 
I have the following advice for you, that may still recover something or at least reduce the damage:
Your Windozian machine was169% pwn3d  long ago , carefully remove all the hard disks and shred them away  , or at least boot from a R/O medis with a Linux distribution and wipe them fully.
Then immediately cancel all your credit cards used  online and change the passwords to all online banking, social or governmental sites you've used, from a secure, freshly installed, Linux machine, not from your phone (a good chance that is also 169% pwn3d as well).
The go to a computer literate friend and download a Linux distribution, burn a CD or a live USB stick and boot from it.
Type manually outlook.com and enter your email and last known password.
If you're lucky it was just your browser hijacked and got only the classic scare, reformat the PC and don't use windows anymore. Chance less than < 5%.
Usually the cracker will change your password, remove or modify the recovery email and phone number, but if you're a lucky person, request a password change code to be sent to your phone or recovery email if this is not taken over as well. Chance less than 35%
If these are gone as well (chance more than 95%), than you have to contact Microsoft support, usually the complaints of non-paying are ignored, but my maybe you'll be lucky and they help you recover your account, if not, install Linux get a new mail, enable 2-factor authentication, and take it as a lesson for the future. Don't forget to cancel all your card used online and change all your passwords as well.

 Best of luck, because you will need it,
 DC1MC

[Andy Watson]

The OP's quest made me suspect he run out of recovery options like didn't put 2nd email, phone, forgot recovery question and etc, as these are pretty straight forward.

Yes, it's a bit vague. But how would giving credit-card details help? It's definitely a scam of some form.

[DC1MC]

The OP's quest made me suspect he run out of recovery options like didn't put 2nd email, phone, forgot recovery question and etc, as these are pretty straight forward.

Yes, it's a bit vague. But how would giving credit-card details help? It's definitely a scam of some form.

It will help a lot the cracker, Jan he will lose the little money who are left in the account, and if the CC has actually a few KEUR overdraft, then lose these euros as well.

 DC1MC

 

[NivagSwerdna]

Hi Jan, it's sad to see    that in 2018 there are still people using windows...

... and back in the real world.... Sounds like phishing.

[Brumby]

... and back in the real world....

Oh, good.  I'm glad it wasn't me.

[Jeroen3]

Microsoft decides to comply to eu laws today. GPDR.
To protect minors of course.

Here another topic of someone who’s underage kids can no longer acces their Microsoft account, including all files for school and steam games since windows won’t login either.

https://gathering.tweakers.net/forum/list_messages/1849211

[mikerj]

Hi Jan, it's sad to see    that in 2018 there are still people using windows for online stuff, in the age of hundred gigabytes SSDs where you could have made a small 100GB partition, install Ubuntu or Linux Mint and surf worriless  . If you need to use some MS  only program, boot on windows and use it, but don't go online, or you'll get p0wn3d, in the best case you'll mine coins and spread propaganda and spam, in the worst case you'll lose all your money and get you identity stolen.

I'm not a Linux user so I hope you can explain how using Linux on your own PC prevents theft of your personal information from third party servers?

[Karel]

I'm not a Linux user so I hope you can explain how using Linux on your own PC prevents theft of your personal information from third party servers?

Eh... maybe by lowering the chance that your pc gets infected so that the culprits can not steal your saved logins?

[DC1MC]

Hi Jan, it's sad to see    that in 2018 there are still people using windows for online stuff, in the age of hundred gigabytes SSDs where you could have made a small 100GB partition, install Ubuntu or Linux Mint and surf worriless  . If you need to use some MS  only program, boot on windows and use it, but don't go online, or you'll get p0wn3d, in the best case you'll mine coins and spread propaganda and spam, in the worst case you'll lose all your money and get you identity stolen.

I'm not a Linux user so I hope you can explain how using Linux on your own PC prevents theft of your personal information from third party servers?

Well, usually it goes like this:

You surf some legitimate sites and got hit by a drive by Javascript injection attack via some ad, don't need to go to shaddy sites anymore nowadays, eventually open a PDF file for an old part, found somewhere on on the net from a Chinese site and you AdobeReader is not patched or is a zero-day exploit. The payload is downloaded, launched and take fully the control of your PC, in a very intrusive mode,  may say.
Now your PC is on of the millions of windows remote controlled PCs.

First the newly joined machine is searched for any information that may prove useful to the bootnet masters, do you have security clearance, do work for a government agency or important company, if not you can still mine some coins and do some DDOS attacks, also if you do your banking your account details and passwords are most welcome.

None of this ?

Don't worry, we'll do a browser hijack, and instead of outlook.com now your saved email page goes to cracker.com phising page and if you give the CC details, score !!!


None of this would happen when using Linux, because:

 - The normal user account is not a privileged account, no programs are installed without your consent and even with your consent is difficult  .
 - Reduced attack surface due to better security architecture and not the least because the Linux distributions are fragmented and isn't worth building personalized exploits.
 - No Adobe Reader anymore (big win), rarely the flash works.

So, in my experience I've never ever heard of some Linux desktop remote exploit, browser hijacking and similar stuff, of course the human factor will still click links in the mails and go to PäyPal.com, but this unavoidable.

 Do you want to know more ? 

 DC1MC
 
 

[Yansi]

Just a little offtopic wow: Are people (parents) these days so stupid and naive, to make their children email (or whatever else) accounts, at the big boys companies? Or to use cloud for your personal data? Just pure wow... I never thought that there is so many naive people these days. But as less and less people understand the basics of IT, it kind of makes sense (and profit for the big boys).

Kind of sad.

[Maxlor]

None of this would happen when using Linux, because:

 - The normal user account is not a privileged account, no programs are installed without your consent and even with your consent is difficult  .
 - Reduced attack surface due to better security architecture and not the least because the Linux distributions are fragmented and isn't worth building personalized exploits.
 - No Adobe Reader anymore (big win), rarely the flash works.

I don't think you're doing Linux much of a service by telling people stuff like that. It comes off as smug superiority, not as convincing. And it's not even accurate:

- Whether a user account is privileged or not is irrelevant when an attacker is snooping for sensitive information such as passwords, credit card numbers etc..
- Whether a user account is privileged or not is irrelevant when most attacks nowadays target running applications. Hijacking a running browser process is enough to do damage, you don't need to modify the on disk binary. Especially since Linux users tend not to reboot often.
- Even with an unprivileged account you can deploy code that runs on startup. Just throw a startup script into ~/.config/autostart, that launches a binary somewhere else in the user's home dir. It's unlikely to be discovered by the user, and certainly not by antivirus software since no Linux user I know runs that.
- If you're running as local user, getting root is not impossible. Local root exploits pop up every so often and don't receive anywhere near the same attention as remote exploits, obviously. So how many of them are still unpatched in your system?
- Better security architecture – are you kidding me? Linux has the same old root/user separation it's always had; I only very rarely see advanced stuff like MAC used on a desktop. Windows nowadays has a much more modern security architecture.
- Well, not running Adobe's craptastic software certainly helps. But err... you do know that there are other PDF readers for Windows and MacOS X too? And that Flash is about to be gone altogether anyway?

I think the biggest thing that keeps Linux users safe on the web is their low profile (there aren't that many of them, it's not that interesting to target them) and they're higher level of knowledge (they tend to do stupid/risky stuff less often.) It's really not because the people making Linux know something that the people making Windows don't.

The biggest reason I use Linux whenever I can then is not security, but control. It happens a lot less often that my computer is doing sneaking stuff behind my back with Linux than it does with Windows or OS X. And it's much easier for me to adapt a Linux system to my way of doing things, than to do the same with Windows and OS X. But I perfectly understand if that isn't a convincing point for people – having control, and using productively it takes a considerable amount of effort. If they don't want to spend the time and accept the small pain of adapting themselves to the computer instead of the other way round, that's perfectly fine too.

[JanJansen]

Jeroen is right, it has to do with the EU law.

I have the password of my hotmail.nl account offcourse,
can i still hack it somehow ?, or is it hard to hack if you have the password already ?

I went to microsoft because google had something new : they read your emails for you,
so after i had hotmail, microsoft also started to reading your mails,
i had no choise, i need some email adress, ( let them read that i buy transistors for 3 cent and resistors for 0,5 cent, they cant advertise for that cheap, only i have the feeling there is more to it then advertising only )

Then all the sudden microsoft wanted my second email adress or phone number, and now my creditcard number, ( first they read my mail for advertizing, now they want to call me with a nice offer ?, and now they want my money without any offer )

So if anyone know how i could hack my own email ?, its perfectly legal so dont hezzitate.

By the way, if microsoft wasnt so dumb while reading my mail, they could have know that i am older then a kid.

And no i dont want any linux, maybe windows runs on linux now these days ?
Anyway i hope microsoft go broke, i dont give them the 50 cent they wanting.
After that i will install linux, its all the same, windows has more users, so is more intresting for virus makers, dont say you are save on linux, i dont believe you.

[IanB]

Microsoft decides to comply to eu laws today. GPDR.
To protect minors of course.

Here another topic of someone who’s underage kids can no longer acces their Microsoft account, including all files for school and steam games since windows won’t login either.

https://gathering.tweakers.net/forum/list_messages/1849211

I can't help thinking that if this were real then it would be all over the Internet. But a Google search turns up nothing. So is it really a hack or a phishing scam as others have suggested?

[Jeroen3]

To be affected by it, you have to be a minor or you have lied.
https://blogs.microsoft.com/on-the-issues/2018/04/11/microsoft-begins-new-eu-gdpr-parental-consent-verifications-for-childrens-accounts/

How can it be phishing if you login at live.com and are served this message with the option to pay 0,50 dollar or send in a copy of valid identification?
The phisers would have to be in your browser to start with, then this is a really poor method.

Google did the same a few months ago.

[IanB]

OK, so it seems to be real. But I still surprised there is so little discussion of it online. It seems like something that would prompt lots of questions and complaints, yet a search with relevant keywords didn't even turn up that Microsoft link.

[IanB]

Jeroen is right, it has to do with the EU law.

I have the password of my hotmail.nl account offcourse,
can i still hack it somehow ?, or is it hard to hack if you have the password already ?

I went to microsoft because google had something new : they read your emails for you,
so after i had hotmail, microsoft also started to reading your mails,

Don't be paranoid. Emails have never been private or confidential. In the early days they were sent over the wire in plain text for everyone to read.  Maybe they still are.

If you are an adult you have no choice apparently but to comply with the requirements and provide a credit card, or provide some other proof of age and identity.

After that, start lobbying your legislators about annoying laws and consider voting for people who will oppose them.

[Jeroen3]

Don't be paranoid. Emails have never been private or confidential. In the early days they were sent over the wire in plain text for everyone to read.  Maybe they still are.

You only have control over the connection to the first mail server. Whatever happens next is beyond you. All mail servers in between can read (archive and change) the contents unless you use PGP.
This is why FAX is still used, your message is delivered immediately, and theoretically, isn't stored or altered by any servers in between.

After that, start lobbying your legislators about annoying laws and consider voting for people who will oppose them.

We just got these laws to limit the freedom of US companies with EU data. And to just raise the security and awareness in companies handing any data have.

OK, so it seems to be real. But I still surprised there is so little discussion of it online. It seems like something that would prompt lots of questions and complaints, yet a search with relevant keywords didn't even turn up that Microsoft link.

As I said, only if microsoft assumes you are a minor you have your account blocked. The amount of people will be low. And it's not like microsoft is wrong that people will rant about it on the internet.

[Karel]

It's unlikely to be discovered by the user, and certainly not by antivirus software since no Linux user I know runs that.

There's no need to run av because it doesn't protect you. It just informs you afterwards that you have been infected, when it's too late.
Everyday, new malware is released which is not recognised by av despite heuristic analysis. It takes at least a couple of days
before the new malware has been reported, analyzed, added to the av-list and updated to the clients. In the meantime many
pc's are already infected.
One could argue that it's better to have just three pieces of malware installed on your pc instead of hundred, but in the end
I don't think it makes much difference...

And let's not start about the risks to brick your windows installation because the av accidentally put some important system files in quarantaine...

I think the biggest thing that keeps Linux users safe on the web is their low profile (there aren't that many of them, it's not that interesting to target them)...

I agree.

... and they're higher level of knowledge (they tend to do stupid/risky stuff less often.) It's really not because the people making Linux know something that the people making Windows don't.

Windows is made for the masses. Linux is made by engineers, for engineers.
They have different requirements and because of that, the result is different.

The biggest reason I use Linux whenever I can then is not security, but control. It happens a lot less often that my computer is doing sneaking stuff behind my back with Linux than it does with Windows or OS X. And it's much easier for me to adapt a Linux system to my way of doing things, than to do the same with Windows and OS X. But I perfectly understand if that isn't a convincing point for people – having control, and using productively it takes a considerable amount of effort. If they don't want to spend the time and accept the small pain of adapting themselves to the computer instead of the other way round, that's perfectly fine too.

The biggest reason I use Linux 99% of the time (at work and at home),  is security, control and ease of use (compared to the alternatives).

[bd139]

Interesting thread.

Linux won't give you "any more security". Not unless you've configured SELinux properly, which you probably haven't. For example if there is a buffer overrun in Firefox then it can escalate quite happily to run execve() and piss all over your user account unless it's in an SELinux context which allows access to only the files and network sockets that Firefox needs to run. Once your user account is compromised then it's game over either way as that's where your data lives which is the highest protection priority on the system. The main reason to run Linux is "functional idempotency" which means every time you get it to do something it does the same thing, and does it pretty damn quickly, unlike certain monolithic lumps of poo from Redmond. Oh and it's free.

Antivirus is a scurge. It's necessary only for some class of user called "the dumbass". In some cases it's actually likely more harmful than using none. Look at microsoft Defender / Security Essentials. The virtual machine in the sandbox executes as SYSTEM. This lead to some privilege escalation attacks as Google found out in Project Zero. And then there's the false positive, the rampant destroyer of network stacks!

A point on the cloud: it's a compromise. I personally don't use any cloud based services for anything critical because I have been on the raw end of a company pulling their services at zero minutes notice resulting in a mass migration which cost a company a week of downtime. However I run my own domain and subcontracted the email services out to fastmail as they do a better job of SPF, DKIM etc than I could be bothered with. I run inbox zero i.e. I can afford to lose the service instantly and carry on. I just move my domain over to another provider. The cloud from an infrastructure perspective is ok i.e. if your software is portable but all the ancillary PaaS services which are difficult to escape is a ridiculously dangerous situation and should be avoided. For example: use RabbitMQ on an EC2 instance instead of AWS's SQS service. You can move RabbitMQ but you an't move SQS. And then there's the geopolitical instability of using a foreign country's services.

Really:

1. Use linux but don't assume it's any better for your security, mainly just your sanity and productivity. Most of the attack vectors are still there but just not exploited routinely.
2. User diligence is more important than safety nets.
3. Make sure you can move everything you have off the cloud in a snap if you have to.

[Stefan Payne]

None of this would happen when using Linux, because:

 - The normal user account is not a privileged account, no programs are installed without your consent and even with your consent is difficult  .
 - Reduced attack surface due to better security architecture and not the least because the Linux distributions are fragmented and isn't worth building personalized exploits.
 - No Adobe Reader anymore (big win), rarely the flash works.

So, in my experience I've never ever heard of some Linux desktop remote exploit, browser hijacking and similar stuff, of course the human factor will still click links in the mails and go to PäyPal.com, but this unavoidable.

1. Same with Windows. If something wants Admin Privileges, Windows asks you if it is OK, well if you didn't disable this and this is standard since 2006 or so, Vista
2. So you're saying that its less vulnerable to attacks because nobody uses Linux...
But that Argument is Bullshit since Linux goes down to some single points of failure, the Kernel, systemD and other Libarys that most distributions use. The biggest differences between those is the Package Manager, not the Libarys.
3. Since Windows 10 nobody uses that no more, Windows has its own tools for PDF files and even can print PDF files.

So in the End you are just flaming Windows for no reasons, because you believe in Linux...

I like new things and tried Linux many times and its not as awesome as some Linux Fans make it out to be. And if they would be honest, it would help more people converse to Linux  than telling people its the best there will ever be.

And to be blunt:
The Strongpoint of Linux is its modularity. If you really know what you are doing, you can build a Linux that's really well suited for whatever you are going to do with it.

As a Desktop OS, Linux is a Pile of Shit, because the Window Managers are so ancient, badly imitate mac OSX (Gnome, rotate the Apple Dock by 90° Clockwise...) while not beeing that user friendly at all.
And KDE for example doesn't even support streaming from Windows Shares.

So no, Linux at a Desktop OS is not a good idea. Especially if someone isn't interested in Command Line Stuff.
Because that's still needed today.


Sorry, but for Endusers, there are just two possibilitys right now:
Windows
MacOSX

Both are viable options. Linux is not really. Most of the Window Maneger Things are at a Level of Windows Vista at most, many even Windows 95. Or worse.
I think it was in the Linux Mint 18.2 or so Changelog where they mentioned that Mate is now able to put the Startbar to the left or right side. Yeah, Windows 95 already could do that...


Anyway, back to topic:
That sounds phishy....
Don't give them your Credit Card information!