A few days ago Microsoft notified me that someone tried to hack into my Outlook.com account from a bogus IP address. (I don’t use the Outlook email program; I use the email address.) The source IP address is reserved space owned by UK’s MOD and isn’t facing the Internet. MOD are wholly unlikely culprits, so it was almost certainly spoofing — sending false information in their traffic headers. That’s pretty hard to pull off because of what’s involved in how the DNS servers handle such things. Just to make sure, I changed my password, but that’s the account I use least.
This incident by itself means nothing; for now it’s just a random thing. But any more of it would represent targeting. Right now, I’m without a clue what could possibly be behind it. In fact, getting a free account for Outlook.com is so easy that I can’t imagine what use anyone would have for trying to hijack mine — unless they plan on using it to impersonate me and fool someone who knows me. I’m not sure I can cook up a scheme by which you would be warned it’s not me unless every one us all agrees together to start using the exact same kind of encryption software. That’s a bit much to ask with nearly 800 subscribers to this blog.
At any rate, I’m just letting you know in case this becomes an issue.
Update: Turns out this was something that hit a large number of users, so it’s unlikely a targeted attack.