I sure don’t feel safe just ignoring it, considering the frequency.
deleted by creator
If this isn’t a phishing email itself, your email address was probably harvested from a compromised site you used it to sign up with. There are sites where you can check to see if it’s compromised. This is why I started using email aliases when signing up for any site or service. It shows where it was compromised or you’ll find some companies will share it with partners or sell your info sometimes.
When you say email aliases, what do you mean? A lot of services strip plusses from emails now, right?
Not sure. But Proton, Apple, passmail and some other providers have a way you can create email aliases on the fly that forward to your real address. I think Microsoft does too but it was limited last time I looked at it.
Thank you, I’ll look into options.
You can use something like SimpleLogin to create email aliases that can’t be traced back to your real email address.
Edit: other options are available, such as Firefox Relay which does exactly the same thing.
I used to use Relay but they had gotten added to a couple of disposable email block lists and because of that started having issues with my accounts…
Idk if SimpleLogin has that same issue or if there’s a way around the problem entirely
Use Microsoft authenticator on your account, it won’t stop people from trying to access your account but you’ll stop getting these and it’s generally safer than any kind of email based 2fa
Change your password to a randomly generated password and them setup 2FA
Do not click on anything in the emails as they may be phishing attempts
Just to be clear, change your password by manually typing in the address of the service in question.
Do not use the link in the email to navigate to the service for password changing.
I got one of these emails. It isn’t even MFA, nothing to reply with the code to. It doesn’t even say which Microsoft account, it sent it to my GMail recovery account. It’s so utterly bad not being able to trace the attempt to its source. It’s sus that I’m not the only one to have recently experienced this out of nowhere. Maybe it’s an attempt to farm valid Microsoft emails from the way this service behaves?
If it happened on a MS account you have, you can check the activity part of the account, it should list all login attempts and give you an IP for each.
Do you have 2 factor authentication set to be sent to email? If not, it is definitely phishing but unfortunately they might be able to spoof an official microsoft email account.
Is the “Microsoft account team” email coming from an official email account? If not, it is definitely phishing and you can block the address and report as spam/phishing.
When I started getting those I closed my account down, just to be sure. I don’t even remember why I had a MS account.
I don’t even remember why I had a MS account.
If you’re of a certain age, probably MSN Messenger
I am of a certain age and I did use MSN Messenger back then, but I find it unlikely - it’s calling me by a pseudonym that I coined rather recently. (There’s no way I give my actual name to businesses out there, unless I’m planning to buy stuff.)
Change your password to something strong, 20 characters plus, and setup 2FA with a 2FA app, google authenticator or Microsoft Authenticator
If you’re not using a password manager, now is a good time to start. Bitwarden is free and open source
I’ve gotten a bazillion of these in the past couple years. According to Microsoft I can safely ignore it so I guess I’ll just do that since I’m not sure what else to do about it.
It is actually safe to ignore them. It means either someone has an email address similar to yours, or a bot of some sort has you email address and only your email address.
Essentially, someone or something goes to the login screen, enters your login, and says “I don’t have the password, let me in!”.
Sending a code to your email like this is the first step in letting someone in without the password, or more specifically to having them reset it.Since the email is to check “did you ask for this?”, doing nothing tells them that you did not.
If you want some extra peace of mind: https://account.live.com/Activity should show you any recent login activity which you can use to confirm that no one has gotten in.
Also, use two factor, a password manager, and keep your recovery codes somewhere safe. The usual security person mantra. :)
This is all good information and seems well intentioned, but it’s worth pointing out in a post about account security that clicking links provided by others and giving it your login information is very unwise (even/especially links in emails like these). For the link you provided, it’d be better to recommend going through a primary microsoft page or login that can be confirmed by the user and getting to the activity history page from there