Solved

Security, hackers

Posted on 2016-07-26
10
112 Views
Last Modified: 2016-07-27
My OS is win 10 pro 64 bit, and I have Avast and malware bytes for the anti virus.  And I guess whatever security programs that comes with win 10 pro.  
1.  During the day whenever the pc is not in use, I usually put it to sleep.
2.  And when I want to use it again, I have to login to my pc.
3.  at night either it is in the sleep mode or completely shut off.

After logging in, I load the MS Edge and go to my email, by loading the portal.office.com.  Since I use this method always, thus my user name and password are already populated, and I just have to hit enter to enter into my Outlook.  My email is msn the free account.

Hope the experts could please study the above scenario and let me know if there Is anyway for anyone to hack into my pc, especially to my email.  

Because recently an email I sent, the receipient swears that it had been compromised.  Thus my concern.
Although I had other thoughts.  Because if someone had logged into my account from a different pc or geo location, I thought MS would either email or text u that your pc was logged in from a different location.  
thank u.
0
Comment
Question by:jegajothy
  • 3
  • 3
  • 2
  • +1
10 Comments
 
LVL 90

Assisted Solution

by:John Hurst
John Hurst earned 125 total points
ID: 41730298
For your physical computer, suspended or turned off, there is not much way to hack into that and do damage.

For web mail, it is ALWAYS possible. Change your password to a very strong password and then change it at least quarterly.

For your actions:  Strange emails you download and open and Websites you visit - Train yourself not to open strange emails, rather just delete them; and, be careful where you visit and never click on any link wanting to help you.

Finally ALL calls from Microsoft about your computer(s) are spam.
1
 
LVL 26

Assisted Solution

by:Thomas Zucker-Scharff
Thomas Zucker-Scharff earned 125 total points
ID: 41730441
Never save your password in a browser
1
 
LVL 3

Accepted Solution

by:
James Edwards earned 250 total points
ID: 41730698
There are many, many ways to hack and compromise your computer, far too many to list.  However, as John has said, there aren't really many when a computer is suspended/asleep (perhaps a Wake-on-LAN packet injected somehow, but that's about it).

With regards to 'Because if someone had logged into my account from a different pc or geo location, I thought MS would either email or text u that your pc was logged in from a different location. ' - this seems like Apple you are thinking of.  If your iCloud or iTunes accounts are logged in to from somewhere else, or you use a new browser etc, then you get an e-mail from Apple telling you about it. Microsoft don't do this.

You can only really be hacked via e-mail if you open unknown attachments or click links you really shouldn't be clicking.  Even if the message appears to be from someone you know, bare in mind that THEY could have had their PC compromised and the message may not really be from them.  Would Auntie really be sending you nude pics of a celebrity?  If in doubt, don't click (and be vigilant if you aren't that suspicious).

Also, don't use the same password across multiple accounts.  I.E. don't use the same password for your banking as for your e-mail.  The stories you see in the press of compromised accounts always shows that people who are hacked on one account have used the same password in other places.  The first thing hackers do when breaking in to a low-security, low-impact site (such as a gaming site or social media) is to then try those same credentials on profitable sites such as banks.  You need unique passwords for each, and I then recommend a password vault to store all of these passwords so you don't have to remember them all and are tempted to write them down.
0
 

Author Comment

by:jegajothy
ID: 41731042
in response to Thomas, How do u do that.  Eg the portal.office.com the password displays as **** if I had logged in before, but there is no field to check to save the password, only a "Keep me signed in", which I check, thinking that if I am a bit too long on the program, I might be cut off mid stream.  
So how does one do not display the password on any site that I log into regularly? thank u.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 41731044
So how does one do not display the password on any site that I log into regularly?

Most sites now encrypt the password (showing **** for the password). It also encrypts in Credential Manager.
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 26

Expert Comment

by:Thomas Zucker-Scharff
ID: 41731048
At one time or another you have allowed the browser to remember your password. The browser will store your login credentials for you and use them on that site.  The first place most malware will check for passwords is in the browser most used (since it needs to do it before being discovered and this is the most likely place  to find login credentials in clear text).  You can make you're browser delete all saved passwords easily, where depends on the browser.
1
 
LVL 3

Expert Comment

by:James Edwards
ID: 41731071
Assuming Internet Explorer.  In order to cleared stored/cached passwords, carry out the following:

1) Click Start
2) Type Control Panel (this should automatically start typing in to the search text box) or if you can see Control Panel on the Start Menu, click Control Panel
3) Click User Accounts
4) Click on Manage Web Credentials.
5) Click on the drop down arrow by the web site you want to remove the password for.
6) Click on Remove.

For Firefox:

1) Click the menu button and choose Options.
2) Click the Security panel.
3) Click Saved Logins… and the Password Manager will open.
You can use the search box to find a particular website or username. Click the X in the search bar to clear your search and see the full list again.
4) To remove the username and password for a website, select the site's entry from the list and click Remove.
Or to remove all stored usernames and passwords, click Remove All. After confirming this choice, all of your stored usernames and passwords will be deleted.

And for Chrome:

1) Open the Chrome menu using the button on the far right of the browser toolbar.
2) Choose the Settings menu option (highlighted in blue).
3) Click the Show advanced settings… link located at the bottom of the page.
4) In the “Passwords and forms” section, click the Manage passwords link.
5) Locate the username/password entry you wish to delete and click the X (cross) on the right-hand side to delete the entry.
0
 

Author Comment

by:jegajothy
ID: 41731178
thank u everyone for your advise.  I just have to be more careful I guess, and not a good idea for me to check my email when I return home fully exhausted after a trip.
0
 

Author Closing Comment

by:jegajothy
ID: 41731179
thank u for your advise and suggestions.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 41731182
I am away right now and keep my computer with me to collect email.  Thanks
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

If you don't know how to downgrade, my instructions below should be helpful.
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
Office 365 is currently available in five editions. Three of them are for business use: Office 365 Business Essentials, Office 365 Business, and Office 365 Business Premium. Two of them are for home/personal use: Office 365 Home and Office 365 Perso…
This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now