[luismedel]

This is the most direct way to know if you're being spied. This, and having a honeypot URL that warns you each time it's visited.

Any other way can be easily circumvented. In theory, any smart enough malware could hide itself in presence of any kind of analysis tools.

[reallynotsure]

That's upsetting! I got 3 alerts so far within the last 5 months about suspicious logins (from Twitter, Facebook & Google). I was dismissing it telling myself I am being paranoid. Now I think my employer itself is spying on me?

The first alert was from Twitter. I am an H1B from India employed by a WITCH type Indian company working for an US client (probably top 3 in the world in what they do). One day, I saw some Twitter posts about how greencards for Indians would take decades or even 100 years. I was talking about this to a colleague on client's Microsoft Teams. Just as I mentioned this, teams got disconnected. Later that day, was talking to another colleague through same teams about same topic, again got disconnected. I thought it was odd, but dismissed. Then around 9 pm same day, I get an alert from Twitter that they prevented a suspicious login from an IP address in US.

4 weeks ago, I was talking about how my WITCH company manager is not letting anyone take vacation (from Sep-Dec, they are not letting any one take vacation unless absolutely necessary) to another colleague, through client's teams. 3 days later, I get an alert from Facebook that someone accessed by account, this time from Turkey.

Then 1 week later, got an email from Google with a security code that someone had requested for accessing the same Google account.

Don't know if I should just pack up and leave US at this point, lol!

[evilduck]

First, why are you accessing personal accounts on a company computer? That's reckless all by itself. Your personal information is up for discovery if the company gets into any legal problems. Keep your professional and personal computer uses separate. There's absolutely zero reason you need to be logged in to your personal Facebook and Twitter accounts at work.

Second, Twitter, Facebook and Google all provide enhanced account security options like Passkeys and MFA and it's clear you're not using them. Turn them on (and using your personal devices, not your work provided items) and your employer or any other random hacker is going to have a substantially harder time accessing your accounts.

[0xDEAFBEAD]

Are you sure they're accessing personal accounts on a company computer?

[evilduck]

If the accusation is against the employer, how would anyone at the employer know anything about their account details for personal websites otherwise? The Teams chat snooping is possible and even above-board but it's very unlikely they're chasing down and using your Facebook and Twitter credentials as part of any official company policy or action that's not being disclosed.

I'm not a lawyer but I don't think they have legal grounds to access an employee's personal accounts even if they have captured the credentials over their property. Accessing a third-party computer without authorization (i.e. accessing Facebook using someone else's credentials without permission and just discovered on company networks and/or hardware through normal logging and monitor) is likely a violation of the Computer Fraud and Abuse Act in the US. A company has rights to read any and all data stored on their property but conditions have to be met before they could use that information for any purpose (i.e. a judge orders it because a lawsuit is in progress because you're sending company secrets through personal accounts or something).

[K0balt]

I would enable cryptographic 2FA on all of my accounts where it is possible and run the 2FA on a discrete device (token dongle or an old phone with wifi and Bluetooth off, no sim)

[QuantumYeti]

I made a FB account to change a client's Page settings, and now I pretty regularly get emails from FB along the lines of "Having trouble signing into your account?" because there's been tons of failed repeated logins. I think it might just be a normal part of having a FB account? Can't speak for the other services.

[0xDEAFBEAD]

That doesn't sound normal to me. You should tell your client that someone might be trying to hack them.

[0xDEAFBEAD]

What would your employer's motive for spying on you be?

Might an external attacker be interested in the work you're doing for the client? For example, are you working with cryptocurrency? Countries like North Korea like to steal that stuff for sanctions busting.

If I were you I would bring this up with your boss. If that conversation leads you to believe that your employer is trying to hack you, I would probably quit. Otherwise your employer should know; this could be a good time to invest in countermeasures against an external attacker.