Help with netstat results

Question
-
Hi,
This isn't my area of expertise, in fact, it's quite a way off, but I'm pretty technically minded so I can kinda work my way around and understand things as I go by following a guide.
With that in mind, please bear with and forgive me if I don't use the right terminology or confuse anything along the way because I've understood already that there's a lot to learn in networking and really too much if you're just looking for a one-off answer.
Anyway, long story short, I received a really odd email recently with an equally odd subject apparently from Steve someone at BA.com. Alarm bells were already ringing. When I opened it, which in hindsight was probably a step too far, there was a link followed by the British Airways email disclaimer information at the bottom.
I clicked the link (I know!) and it took me to a "hotmail" portal where it requested I enter my password. That was my exit point. And by the way, this was on my phone.
I'm naturally suspicious anyway and not unwise to phishing scams and things like that and tonight, for whatever reason, I think I read something about someone noticing unusual logins on their email, I decided to check mine on hotmail.
I was actually quite surprised that in the last month there had been around 15 failed login attempts using an incorrect password and worryingly a couple of successful ones that I couldn't identify. I secured my account a bit more than it was and then, having the spare time and paranoid mind, I decided to run a few network checks, something I've dipped my toe into before.
A lot of what I found through netstat results, I've managed to identify and at least half understand. Enough to not be concerned anyway.
However, as I've read on and tried to learn exactly what bits could possibly be warning signs it seems the more I've learnt and checked, the more I've become confused as to what looks right and what doesn't.
For example, one guide I just read suggested paying particular attention to "unusual" foreign addresses without giving any examples of what unusual looks like.
Compared with the foreign addresses I was seeing previously during a check, addresses like these look unusual to me: 9:HTTPS, tag:HTTPS and unknown:HTTPS
It's not that I've noticed anything unusual with my machine but I have had a warning that my email has been accessed in the past and have an American friend who recently had her entire savings account emptied, really I'm just thinking better safe than sorry. I guess my question is, is this something not even worth spending on unless my machine has shown some signs of possible compromise or do those foreign addresses seem unusual?
- Edited by LookingForTheWayOut Wednesday, February 13, 2019 3:11 PM Added more to question
All replies
-
Hi,
It seems that you are facing an attack from a hacker.
You could refer to this thread: https://answers.microsoft.com/en-us/outlook_com/forum/all/is-it-spoof-attack-or-personal-information/21ac37bc-72f5-4ed5-b36e-ea9bb2f71f58
For further help, I suggest you submit a new case on Outlook forum as they will be more professional on your issue:
This is the Outlook forum link: https://answers.microsoft.com/en-us/outlook_com/forum?sort=LastReplyDate&dir=Desc&tab=All&status=all&mod=&modAge=&advFil=&postedAfter=&postedBefore=&threadType=All&isFilterExpanded=false&page=1
The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.
Best regards,
Yilia
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
- Proposed as answer by yilia zhao (Microsoft contingent staff, Moderator) Friday, March 15, 2019 3:30 AM
-
I hope you've already changed your passwords for your email and bank accounts, as well as your computer.
You didn't mention having an antivirus software installed, or Windows Defender turned on, so that's my next recommendation.
Phishing emails typically only harvest your credentials and don't install malware unless you've downloaded software.
Without knowing what ports are being accessed by what addresses, or what software and services are running on your machine, it's impossible to know if you've been compromised. If this were my computer I'd either reload Windows from scratch (after backing everything up) or take the computer to a professional who offers detection and cleanup of malicious software.
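
One way to collect the information the last reply says is missing (which remote addresses and ports are in use, and which program owns each connection), as an added example that is not part of the original thread. It assumes Windows 8 / Server 2012 or later, where the `Get-NetTCPConnection` cmdlet is available, and an elevated PowerShell session; the function name `Get-ConnectionOwner` is hypothetical.

```powershell
# Added example (not from the thread): pair every established TCP connection
# with the process that owns it, the executable's path and its signature state.
function Get-ConnectionOwner {
    Get-NetTCPConnection -State Established |
        # Loopback traffic is local inter-process chatter, not a remote peer.
        Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |
        ForEach-Object {
            # The owning process can exit between the two calls; tolerate that.
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            # Path is empty for protected system processes or when not elevated.
            $path = $proc.Path
            $sig  = if ($path) {
                (Get-AuthenticodeSignature -FilePath $path).Status
            } else {
                'PathUnavailable'
            }
            [pscustomobject]@{
                RemoteAddress = $_.RemoteAddress   # numeric, no name lookup
                RemotePort    = $_.RemotePort      # 443 is what netstat labels "https"
                LocalPort     = $_.LocalPort
                ProcessId     = $_.OwningProcess
                Process       = $proc.ProcessName
                Path          = $path
                Signature     = $sig
            }
        }
}

# Group by program so each executable's remote peers can be reviewed together.
Get-ConnectionOwner |
    Sort-Object Process, RemoteAddress |
    Format-Table -AutoSize
```

A `Signature` value other than `Valid` is a reason to look more closely at that executable, not proof of compromise, since plenty of legitimate software ships unsigned.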