Ask a new question

Am I hacked? (received an email from my own emailaddress)

Hi,



I received an email presumably send from my own emailaccount, subject 'You've been hacked' starting with



'I want to inform you about a very bad situation for you. However, you can benefit from it, if you will act wisеly.

 

Have you heard of Pegasus? This is a spyware program that installs on computers and smartphones and allows hackers to monitor the activity of device owners. It provides access to your webcam, messengers, emails, call records, etc. It works well on Android, iOS, macOS and Windows. I guess, you already figured out where I’m getting at.'



Etc.



So the content of the email doesn't worry me, but what I can't understand is why the e-mail is send from my account. Or why it looks like it is send from my account. It doesn't show any other address.

Image



When I check Source of the message, the following pops up, but this to me is jibberisch... Can anyone explain to me why it looks like I send this to myself and if I indeed been hacked or not?



Thank you!









Received: from DU2P193MB2049.EURP193.PROD.OUTLOOK.COM (::1) by AM0P193MB0690.EURP193.PROD.OUTLOOK.COM with HTTPS; Tue, 2 Jul 2024 02:16:52 +0000 Received: from DB8P191CA0021.EURP191.PROD.OUTLOOK.COM (2603:10a6:10:130::31) by DU2P193MB2049.EURP193.PROD.OUTLOOK.COM (2603:10a6:10:2fd::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7719.32; Tue, 2 Jul 2024 02:16:51 +0000 Received: from DB1PEPF000509F2.eurprd02.prod.outlook.com (2603:10a6:10:130:cafe::3c) by DB8P191CA0021.outlook.office365.com (2603:10a6:10:130::31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7719.33 via Frontend Transport; Tue, 2 Jul 2024 02:16:51 +0000 Authentication-Results: spf=fail (sender IP is 156.233.162.9) smtp.mailfrom=hotmail.com; dkim=none (message not signed) header.d=none;dmarc=fail action=none header.from=hotmail.com; Received-SPF: Fail (protection.outlook.com: domain of hotmail.com does not designate 156.233.162.9 as permitted sender) receiver=protection.outlook.com; client-ip=156.233.162.9; helo=me38.com; Received: from me38.com (156.233.162.9) by DB1PEPF000509F2.mail.protection.outlook.com (10.167.242.148) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7741.18 via Frontend Transport; Tue, 2 Jul 2024 02:16:51 +0000 X-IncomingTopHeaderMarker: OriginalChecksum:B7E61057C8BBFB70EF50497922FD678074E0F9A31342B2EC67232B534F644AAC;UpperCasedChecksum:73FB0F26A3EF0B4B3D6161FA408F0E9E4FD4F1ADF156DCD03D089677C4C90F7B;SizeAsReceived:290;Count:7 Message-ID: <*** Email address is removed for privacy ***> From: *** Email address is removed for privacy *** To: *** Email address is removed for privacy *** Subject: You've been hacked Date: Mon, 1 Jul 2024 19:16:51 -0700 Content-Type: multipart/alternative; boundary="09a361167eba959ebd170be015f0ce2424" X-IncomingHeaderCount: 7 Return-Path: *** Email address is removed for privacy *** X-MS-Exchange-Organization-ExpirationStartTime: 02 Jul 2024 02:16:51.7662 (UTC) X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000 X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit X-MS-Exchange-Organization-Network-Message-Id: aea22e83-f6b2-44ad-16bc-08dc9a3d0931 X-EOPAttributedMessage: 0 X-EOPTenantAttributedMessage: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0 X-MS-Exchange-Organization-MessageDirectionality: Incoming X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DB1PEPF000509F2:EE_|DU2P193MB2049:EE_|AM0P193MB0690:EE_ X-MS-Exchange-Organization-AuthSource: DB1PEPF000509F2.eurprd02.prod.outlook.com X-MS-Exchange-Organization-AuthAs: Anonymous X-MS-UserLastLogonTime: 7/1/2024 2:19:15 PM X-MS-Office365-Filtering-Correlation-Id: aea22e83-f6b2-44ad-16bc-08dc9a3d0931 X-MS-Exchange-EOPDirect: true X-Sender-IP: 156.233.162.9 X-SID-PRA: *** Email address is removed for privacy *** X-SID-Result: FAIL X-MS-Exchange-Organization-PCL: 2 X-MS-Exchange-Organization-SCL: 5 X-Microsoft-Antispam: BCL:0;ARA:1444111002|58200799015|461199028|47200799018|9800799012|1360799030|1290799027|1370799030|440099028|3412199025|7310799015|7112599012|2980499032|7110799015; X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Jul 2024 02:16:51.5787 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: aea22e83-f6b2-44ad-16bc-08dc9a3d0931 X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-AuthSource: DB1PEPF000509F2.eurprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: Internet X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU2P193MB2049 X-MS-Exchange-Transport-EndToEndLatency: 00:00:01.2088581 X-MS-Exchange-Processed-By-BccFoldering: 15.20.7719.007 X-Microsoft-Antispam-Mailbox-Delivery: ucf:0;jmr:0;ex:1;psp:1;auth:0;dest:J;OFR:SpamFilterAuthJ;ENG:(5062000308)(920221119095)(90000117)(920221120095)(90011020)(91015020)(90015022)(91040095)(9050020)(9080021)(9100341)(1018006)(944500132)(2008001181)(4810010)(4910033)(10005027)(9620004)(9525003)(10150021)(9320005)(9245025)(120001);RF:JunkEmail; X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD02 X-Microsoft-Antispam-Message-Info: =?utf-8?B?MnhlL3FHT29EOFkyNUJLNlpiWXltWktPU1lBU3hZdHp5TEdQU1ozRFZnTTNJ?= =?utf-8?B?N09NK1lKOVhlZHFGUXlHWnIzS0tzM0FpdllCOUY4WTE2THQvUzhvWVVIL1hp?= =?utf-8?B?TUVva2ZxV0VBN0NrY2hCTWhxYisyZEZPaFVrUkRjSjNGWi95NVExVU5QYVpt?= =?utf-8?B?aVZQK0IvNStIcnlMTmtSdWxIekovcXRCRmhzZmdBdVdzM0hJUUx1bUpQekJu?= =?utf-8?B?NjFmWi95eWZFVmxydy9PMDd2TDBRTlJDcW4wUUtsdVFWT0d4SzBMNjJ2QU9I?= =?utf-8?B?cHloZVU0K09aaWZyZjVReW91bS9HNHpON1h3WThPN1B6ejM3aXZBR1h5aEtT?= =?utf-8?B?TERMTU1mMHFMVTkyN2RmNmYyS3RyR3BTVTlvRTY2M3ozSXBaTHJ5S1h6eG5q?= =?utf-8?B?dEpYREJKeC90R09la1JVMzZELzhPakZEemNYUlJsVmY1YkV0M0RHSWxhTWFI?= =?utf-8?B?QXlBS3cwc3ZkS3hOUFpNR3c1Z1FiSkNRYW9FQjVlRGhscm1idjZ0NHJBenZo?= =?utf-8?B?L0JrVGh6U1cweGhtaWo3NkwwR3B2c2QwaC9aQ2NXajVENTF1Y3FhZTlhMEU4?= =?utf-8?B?YVhDdEN3QSt0aUhtcXliT1JFUnlPR3JLaUZ6VXJKWXJ6QitxNTU0bHVtbkV5?= =?utf-8?B?T040QXNmbVRac2NtbUx3WVBHaTJYZzFQc0w2ZS9FeThha0JhVUs1dHl3L08w?= =?utf-8?B?RUszRWNaVWJsYkc5bzJtcDVTMm81WkF0OHVzTCtqZktqQ0MzOTVlWW5uaEww?= =?utf-8?B?bEFuOUVvV2R2ODhEZVY0Q0pwR0U2Vk1pZG1mVk5UVUU5V21NK1pLNElTSE5B?= =?utf-8?B?V2cwdlQ4TUFDS1gwdVNRUEVWT3EwSkZFSDRQM1FOemZYS0d0M3JVbXgydXpj?= =?utf-8?B?SW9sbHBNYnQxd3Z2VVFjKzRlT2E0NmxXbjdSaHBxa09jd2dLVEJ0V0lnTWd3?= =?utf-8?B?YWVtd3MvZ0dlMFJpUnJZQ0dMOW1ncjdpejR2V0ZKWkkwUWVCYW1LRjNOdXhI?= =?utf-8?B?UXZVRFlOL3FaUXB6eHN4OUNrZGY3ZmtsMTdNendUT2FlWGg0U0JQaHpPczRU?= =?utf-8?B?RC9SdTVlWFFEcTFaYmpNQUNpWmU4Z0pNMnp3ODZMYVVTWG1YMmpVWkY4bStC?= =?utf-8?B?UjFhYVkrU29aR3NxbGhRVm1rSVRsN2dNUHh6Rmk1VGlqVlB1bFZLcGszL1Zh?= =?utf-8?B?WUhaMVcrYnh1eHJ3QWtoVFNxZ1Z6UDl2NCs3QW5xaUEyN3Y3MW02czRWS3Yr?= =?utf-8?B?dUh3c1lsaGp3TkQxUE9JMzRmbzdacGc5aUM1QS9OVkU1NS9hWWdBQi80NHRl?= =?utf-8?B?a1B3YjM5SEEvRmgrMmdIQ0J6aW44b3l1OFdWOVhSMlBJUitkeW5jOWloSzJY?= =?utf-8?B?QmdMRFNzTTFTZWhMZnY4ZjY4VDhEZExKWVk3Qm05ZUJsbUVPbm0rbEV2ZDlu?= =?utf-8?B?RWkzQzZsK2pTOUc3ZDAyZnhxc0UvUEt1cEJpVHRSMGNwVDNzcUE3akt6QmNu?= =?utf-8?B?N0tXUnA0UzFOWnA4N003TjFlR0UyYXlQUERlNEV0TzBPdm9QU2dVVEtMM3NN?= =?utf-8?B?Y3VhS3JSanVRMFRXeW5nbnlGNVZnSmd2T29HUy90YVovemJ3SGU2d2RlMUtV?= =?utf-8?B?U0NJZUcrZjc4dVZBb1pSZkRPZlh3RlZPRkJLdVFZUW1xS3RqK1ZpeUFLbWFF?= =?utf-8?B?MFcyK1dPaG02U2FnRjVqQjFId25rbGZRTVlYTUpCMVg5MXNmWG82cmtvcEdI?= =?utf-8?B?dXM3K1hTbnQxbVVXeElUSFNzWlpFSEZ4MVBwd0pGbmR5c3BXZmpwV0xZRWh2?= =?utf-8?B?a3lESndUTC9iYkVRWlZqMGc3U2FBVk94NXVuZlc0eVYrU1RxbnF0ZEhDTkZw?= =?utf-8?B?RjUvZkJVNmZpRXY5SkJ3S2ZJUGJud1VWOHNKWmhQNEU4RUp1VW1nLzE3bGVX?= =?utf-8?B?N084YituemZDTk5xSHpBb050Sm4vZTlEcGZxdXRYS0NLSkg5d050OENtak82?= =?utf-8?B?d0xQL095VzdBQVN5cXdTam5NOXVySWsxNnpHc0M2MGRwb2tGV21sZHFDaCtw?= =?utf-8?B?bVMvYXpXMDdIR3lldG5uZjRyazRHanFwYzVGcmdlMytMelhwV1phMW1qcVRE?= =?utf-8?B?K0JLaVAyU2E4WTdRZEJXanc1bElWY2czT0d3M2JPVGYyUlZiU1FDeWd5bGlX?= =?utf-8?B?aGRVWmkxMDVTRVRKWVovRE4xdjhOVXRwT1N6U1J2TXQzNkllcExOTTJaZTl2?= =?utf-8?B?R25jSEpiMG90eHJSZ002M2NQM0xuYk9MV0gxK21JNDRKZFBuQStab1FDRUdO?= =?utf-8?B?ZXFsQ2hGREpKWlNtQ0R0bUJkVkFBWmVFeldybmNUeWVNeTArS0tzemMva2Jn?= =?utf-8?B?Nk9Ba3RCeGxXRklQT3E0SVUwRm4vTUJqcG0zak9SR1M5SzBNcytiUi9DeSs5?= =?utf-8?B?MEJzOUk4djRzcXUwYkdjczI1N1JPRDRWTEhJOTVQSjk4RFQ5NXpXTTRFZW81?= =?utf-8?B?by9vZUVpMGtUTktOSG95elJHYnFDMysxR0Z0Z09GUHVSWGI2SDc1Z1l5Y2pw?= =?utf-8?B?VlZtRzlvWE1kOE44RXFOWkFDWEYzbVhGSU93NkZYODRwWjlLOENtME5PNE1W?= =?utf-8?B?SXJDYVB0cEhqaHlnUC9ySUxmb3RrWnlkWTlsdUdrMjZlV3FPUm5jVHd2NDNT?= =?utf-8?B?VHRwVDZlSkhsaU1pNzJ3bENVSUJabFBHQnhNd0toM3R6OW15Q1l2ZHJYSXFB?= =?utf-8?B?bktCL3JjbnBaWHlkZTE0WVc5cHcrTU5MSGR1ZmM0UEk5TUFlS0R0bGhiRGVr?= =?utf-8?B?aWVoQ05MZjRzZUFUZVJCdkVzSi9JOWVwZ1pEVGtReHI1cklEblJuaXIvWWwy?= =?utf-8?B?TlVXc1hocTA1MDRoTzRiYTlZSHFQYVdzMVBwcE1IWkwxdzlERXRGMllhUDRi?= =?utf-8?B?NitKeDVub0VTenI0MnkxUUlSZ2N6UHdzWlh6bUQyamNsNlgwdGp5VlBGNWhI?= =?utf-8?B?K3pwQWlsc0dqdzJLTFN4NHE0SUdLUGJYSks3dGRzTC8wTVFPcTVjUzdEWURF?= =?utf-8?B?S0RGc3Z3eTJLdUdjVjV4UzYvV2hCV2w2RnVJdTBBcktzb2FVOUl1a1BkQUcx?= =?utf-8?B?VHhlV2I4Rk9OdVY3eUtoV0dyNEltSEhGQVd3UlFEL1pOdWVsZG5ETjdZTnQx?= =?utf-8?B?T1I0K3dpU0FSTWhncE9OYkhyYVErREJyWXpnQWVJTGZGekxLalFCbldGMWs5?= =?utf-8?B?QVpNbzZzeTN1ckhKazBOU1VnTkhkb2tNUUp5ZDJPL3ZXVU12VEV1S1lBZ3Ev?= =?utf-8?B?M2FGaGNUWEJ3TlJtVFgyQnEwaEtiZ1JveU41UkVRWnZxRGRCbmlqN1JIU3Q0?= =?utf-8?Q?FQIRipV7nlLsjFrHuqkDl?= MIME-Version: 1.0 --09a361167eba959ebd170be015f0ce2424 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.

Dear nube the first

 

Welcome to Microsoft Community.

Hello, based on your feedback, I would like to know if you have clicked on any other suspicious email links before?

Checking your message here, since Microsoft can't control the hacker's activities, that is to say, it's impossible to clearly see the hacker's action track, but more than your feedback of the current encounter, we can judge that there are two possibilities:

1. The other party only obtains the name of your mailbox, and then it creates a mailbox with the same name through a special way, but actually sends a letter to another mailbox to carry out intimidation and extortion at a time.

2. The other party has already obtained all the private information such as your mailbox name, and then it directly logs in other places and performs the same mailbox to send letters.

But no matter what the possibility, you are now seeing a serious security risk to your account (which includes your computer and cell phone), if you can, you should follow the steps below to protect the security of your account at the first time:

1. Check your recent activity page. This shows you when and where you've used your Microsoft account in the last 30 days. You can expand any activity listed to see location details and find out how the account was connected, using a web browser, phone, or other method.

If you only see a Recent activity section on the page, you don't need to confirm any activity. What is the activity page:What is the Recent activity page? - Microsoft Support

2. Change your password immediately: This is the first and most important step to take. You should change your password to a strong, unique password that you haven't used before. Be sure to use a combination of letters, numbers, and symbols to make Reset a forgotten Microsoft account password - Microsoft Support

3. Enable two-factor authentication: This is an additional layer of security that requires you to enter a code sent to your phone or email before you can access your account. This will help prevent unauthorized access to your account in the future:How to use two-step verification with your Microsoft account - Microsoft Support

4. Check your account settings: Make sure that your account settings have not been changed by the hacker. Check your email forwarding settings, filters, and rules to make sure they're set up correctly.

At the same time, use antivirus software to check the used computers and cell phones, but combined with the information from the hackers, if it is disguised as a normal application, it may be able to escape from the antivirus software, in this case, due to the inability to find the location of the spyware and the state of the disguised, and then only to restore the factory settings for the cell phone you are using, and for computers need to empty all the disk and partition to reinstall the used system. For computers, it is necessary to clear all disks and partitions and reinstall the system, and this process will clear all programs you have, but only in this way, to ensure the safety of your device.

Disclaimer: At this point, we have exhausted all troubleshooting and I recommend that we try to perform a clean install to get your computer back into a working condition. Please ensure that you backup any important data, including Documents, Pictures, Videos, and more.   

Feel free to text back if you need further help.

Best wishes

Chris.S-MSFT | Microsoft Community Support Specialist

53 people found this reply helpful

·

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Weirdly on here for the exact same thing sounds like the exact same email but looks like it’s come directly from my account. I’ve changed my password and set up two point authentication now. But just so you know it’s not just you. I’ve stupidly reported it as phish and for some reason it’s disappeared and not I’ve just black listed my own email address 😓

71 people found this reply helpful

·

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Hi, I am also getting the same email as reported above today, from my hotmail account.

33 people found this reply helpful

·

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Hi,

I got the same email as well!!! My sign in recent activity is fine. And 2 factor authentication was enabled a long time ago. I hope this gets addressed.

Thank you

49 people found this reply helpful

·

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Hi Microsoft,

I also received same message like this and in the content it talking about pervert thing and etc. Ask me to send coin to his digital wallet.

Please give some advice.

from

koh

73 people found this reply helpful

·

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

This is not a single user being hacked. Many users are reporting getting the same email from their own account. It appears either Microsoft's email servers are what was "hacked" more generally or an email spoofing has taken place on a mass level. I just found the same in my junk/spam so Microsoft's spam filters at least are already aware this is a widespread problem. I already have had two-factor authentication been on, no one using the sign-in recently, no unusual devices having been signed-in from and there is no spyware/malware/virus on any devices with the email access. Presumably the hacker would actually know something relevant from the email account if the message were true anyway.

103 people found this reply helpful

·

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

I have the exact same problem!

I've also changed my password now. But it's strange, I would've thought that if someone truly did hack into our accounts, one of the first things they'd do is change our passwords?

Could someone from Microsoft please verify if these emails are indeed coming from our own email addresses or if the scammers are using some other methods please?

Thank you urgently.

48 people found this reply helpful

·

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

>> I would've thought that if someone truly did hack into our accounts, one of the first things they'd do is change our passwords?

Exactly. The first thing they would do is kick you out and make sure you can't get back in. They'd change your password, second factor, recovery questions etc.

No one can help you verify except yourself (the person who receives the email). Check the mail header:

- right mouse click the email, click View - View Message Details

25 people found this reply helpful

·

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Thank you for taking the time to respond.

I realy am a nube when it comes to these topics.

All emails go to spam except for the ones send by emailaddresses I approved. I have not clicked on any other suspicious mails and I've seen no suspicious activities on my account. Some time ago someone else used my phone and clicked on an add and since then I received so very many spam/phishing etc. emails. But none of them using my own emailaddress. This was a first, so I wanted to know what's up. How this can happen.

8 people found this reply helpful

·

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Hi Microsoft,

I also received same message like this and in the content it talking about pervert thing and etc. Ask me to send coin to his digital wallet.

Please give some advice.

from

koh

I had the exact same thing and it really does look like they sent it from your own email address it is so strange lol

28 people found this reply helpful

·

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.

 
 

Question Info

Last updated April 26, 2025 Views 58,593 Applies to: