Sorry if this is a repost.
I haven't logged into my Microsoft account in weeks now, yet I've gotten three emails now with single-use codes. MS says that if i didn't request these codes, I can ignore the emails. But SHOULD I ignore these emails?
2H22 v 19045
I assume you have multi-factor authentication enabled on your MS (MS 365?) account. This symptom suggests to me that someone has learned the password to your MS account and is trying to login to it.
I suggest that you login to your MS account and change its password. If you use the same password elsewhere, you should certainly change it there, too, (to different values on each of them) assuming that whoever it is hasn't already done so and is misusing those other accounts.
That is one possibility, I have multiple machines and as I use 2FA frequently to verify my MS account, so I see a lot of these - but only legitimate ones I was expecting.
Another possibility is that they are spam and are trying to get you to reveal details of your MS account. If so, do NOT click anything in the email.
Are you sure they came from Microsoft? Look carefully at the raw message. All mine are....
From: Microsoft account team <account-security-noreply@accountprotection.microsoft.com>
Also, I've never seem MS say 'if you didn't ask for this, just ignore it'.
All mine have exactly the same wording (email address redacted):
Please use the following security code for the Microsoft account br**x@xxxxx.com.
Security code: 1234567
If you don't recognise the Microsoft account br**x@, you can click <link removed> to remove your email address from that account.
Thanks,
The Microsoft account team
But for whatever reason, I have not gotten any more of those MS emails since I did this posting.
I did save two of the three messages I received from MS:
They were identical except for the single-use code, and did not contain any clickable links.
Hi xxx@XX.XXX,
We received your request for a single-use code to use with your Microsoft account.
Your single-use code is: nnnnnnn
If you didn't request this code, you can safely ignore this email. Someone else might have typed your email address by mistake.
Have you checked under the security tab within your MS account to see if there are any unsuccessful log in attempts? If there are then someone has your log in details but the 2fa is stopping them.
If there are only successful attempts then the emails are scams intending to gather your sign in details.
The unsuccessful signins stopped about the time you posted.
Then they recently started up again. So I looked under the Security Tab on my MS account and found roughly 50 unsuccessful attempts. They were from all over the world.
- US-, Kansas, California, Maryland
- Germany - always seemed to be the same location, but no information from the map
- China - several different locations
- Argentina
- Dubai
So I have to assume that my email address is being circulated on a dark web hacker forum. My MS password is 20 chars. I'm glad that MS has (apparently) very strong security.
Does anything show up here?
Have I Been Pwned: Check if your email has been compromised in a data breach
Probably stopped to recheck the credentials not realising the account is very secure. Eventually they should move on & the attempts will stop. I would consider changing the password.
If the password is being used elsewhere is another way the details could’ve been gained. I have individual passwords of 20 random characters for each account I have & 2fa on all which can use this.
Quote