Microsoft account hacked! Fraudulent transactions

[Biscuitandacuppa]

Well I’ve been hacked tonight, someone hacked into my Microsoft Account and bought a £50 Xbox card and £53 FIFA game. I use PayPal for the Xbox so as soon as I realised what had happened I flagged the transactions in the resolution centre.

They had changed my Microsoft password so I reset that and can see unauthorised activity in my account and attempted log ins. PayPal have responded to my dispute and said the transactions are not unauthorised!

I contacted my bank but as the transactions are pending they can’t do anything either. I can’t even see where to contact Microsoft to get them to refund me. Really annoyed and a bit worried that I won’t be able ti get my money back. The reason I use Paypal in the first place is to have protection against fraud!

Anyone else been in a similar situation? How do I resolve this?

I’m so sorry this happened to you. First thing’s first, you should be able to get the money back once the transactions go through. Second thing is, someone once hacked my Amazon account and spent £100, the pending transactions never went through though (I can’t remember why this was so I’m sorry that’s not very helpful). So you never know if it might just not go through.

I would highly recommend turning on two factor authentication for your Microsoft account for when purchases are made. Then you’d get a text whenever there was a login attempt. The hacker would need your phone to be able to successfully make a transaction so it’s very secure.

Do you by any chance use the same password for most websites? Sometimes hackers find your email and password combo from one insecure site that they hack and then they try that combo on Amazon, Microsoft, Origin, Netflix etc. So try changing it up or using a password generator.

I’m sorry if any of this is teaching you to such eggs. The only thing you can do now is get the money back from your bank if/when the transactions go through. Then, going forward, you can employ the things I’ve said if you haven’t already. I hope things work out for you.

Suck eggs, not such eggs

Have you contacted Microsoft? Any PayPal dispute or bank chargeback will be against Microsoft so you could cut the middleman by contacting them directly

support.xbox.com/en-GB/help/subscriptions-billing/buy-games-apps/refund-orders

support.xbox.com/en-US/forms/request-a-refund

@Feliciacat @mashh thank you both for replying and for the links. I’m feeling a little less panicked this morning, it’s just a horrible experience.

Hey,

Ive been there and I felt shaken for about a week. It’s normal to be upset over a crime being committed against you so allow yourself to feel that.

Based on my experience, there are many professionals at the bank who see this every day and they can help you. To them, this is a common occurrence. Also based on my experience, I think PayPal and Microsoft will probably just tell you to contact your bank after the transactions go through to get the money back. That seems par for the course. By all means contact Microsoft though, I’m not actually an expert.

I hope today is a bit better for you :)

@mashh I tried the link but unfortunately as soon as I select gift card bought by unknown person it takes me straight to the security page to change my account settings. I already changed my password and activated two step authentication last night. I’m going to have to try live chat I think.
The FIFA game was sent as a ‘gift’ to an email account I don’t recognise and the code has been used so I can’t process a refund for that apparently!

@Feliciacat yes I think the bank will be the most helpful. I haven’t been hacked before, I’ve avoided the usual phone/email/text scams but obviously looking at the repeated attempts to sign in this was a professional hacker. Why Microsoft didn’t block my account after several attempts from London on an unrecognised IP address I have no idea! They emailed me after the purchases had been made to say there was suspicious activity!

Download Authenticator apt, if you log into your email it will ask you to log into your apt to confirm it’s you.

@Killingmytime i tried to do that and it wanted a monthly subscription fee?

I think BitWarden is free to use! It generates a new password each time you log in somewhere. Not quite the same as Authenticator Apt but it may help even so. I see you’ve changed to two factor verification too, that should prevent this happening again most likely.

So tonight I have spent on the telephone trying to sort out this issue.

Microsoft are basically useless! I spoke with a customer services person and explained that I couldn’t process a refund online because of the default to account security every time I selected an unknown person purchased the items. They said the only way around it was to put that I knew the person and then add in the text box that the account had been hacked. I pointed out that was ridiculous and as they could see the number of failed log in attempts and had themselves flagged suspicious activity why couldn’t they just process a refund on the phone, but apparently they can’t do that!!

The bank were helpful and could see that as I have a monthly game pass subscription to Microsoft the two payments had been marked by PayPal as recurring transactions. This is probably why their online resolution centre decided there wasn’t an issue despite PayPal also emailing me about suspicious activity. But as the payments are still pending the bank have flagged them as fraudulent and cancelled my card. So their advice was call PayPal.

Paypal closed their call centre at 6:30 so no further along and I won’t be able to call them until tomorrow evening. It’s a bloody nightmare.

On the plus side I installed Apple Pay and it instantly updated to my new card details so I can buy groceries until my new card arrives, once I figure out how it works that is……. 🤣

I also now have the IP address of the hacker and the gmail account the ‘gift’ was sent to. Was on my Microsoft account activity log.

So I can be sure I have enough protection is this something to do with a microsoft email account or something separate. How was the money spent, maybe I'm being a bit dense but I dont quite understand what you mean by a mircosoft account

@TimeForMeToF1y I have a Microsoft account, on it I pay for Xbox Game Pass and Office. They come out as monthly subscriptions.

@Feliciacat @Killingmytime @mashh result! After lodging a dispute last night with PayPal after they initially rules there was no issue, they have now ruled in my favour and decided the transactions were unauthorised and have refunded my money!
Thanks for the support.

E we have had the same thing though my son had his go Henry card linked and insufficient Funds for the £66 attempted payment. We have been in a mad loop resetting passwords but the hacker has got straight back in and changed the backup email to a mailnesia account. We've tried again to reset the back up email but have to wait 28 days to see if it's worked

@Blisterlip it’s so annoying isn’t it? At least you haven’t lost any money, it’s incredibly difficult to get past the automated system responses to get issues dealt with.

Just so you know, that’s not hacking. They got your email and password combo from a leak on another site and tried it on as many sites and services as possible including on your Microsoft account. This is why you should never use the same password twice.

@Biscuitandacuppa I’m so glad you got it sorted! :)

@Feliciacat - this wouldn't surprise me - sorry for wrong lingo. Who / what's behind that if not a hacker then?
We are in limbo currently as waiting to see if our request to set a new back up email is approved as Microsoft wouldn't change it right away. We get stuck in a loop where we get back in (recovering the account by answering security) then tried to reset the email associated with it then immediately it had the reset email as the mailmesia account

Have you reported all this to the police? These details should be able to be traced back to the users.

A bit late in the day but I've just had this happen. Paypal didn't want to know & closed the case once i sent them Microsoft's response. Bank refunded me the funds initially but then claimed it back because they said they weren't liable, I had to get a new bank card though.

Microsoft are absolute wankers, round & round in circles, they assure you they're sorting things but then they cut you off. Website support is a joke. However my refund is pending.

I also had a london address where my phone was apparently located, never thought anything of it at the time but i know better now.