I started to get these daily at random hours, even when I'm sleeping. Someone's trying to hack me?

sleepmode , 2 hours ago

If this isn’t a phishing email itself, your email address was probably harvested from a compromised site you used it to sign up with. There are sites where you can check to see if it’s compromised. This is why I started using email aliases when signing up for any site or service. It shows where it was compromised or you’ll find some companies will share it with partners or sell your info sometimes.

Vorticity , 6 minutes ago

When you say email aliases, what do you mean? A lot of services strip plusses from emails now, right?

lvxferre , 3 hours ago

When I started getting those I closed my account down, just to be sure. I don’t even remember why I had a MS account.

citrusface , 4 hours ago

I get em too fam. Sure up your passwords (I use bitwarden) and 2fa everything and you’ll be fine. I’ve ignored them for years and all is well.

snooggums , 4 hours ago

Do you have 2 factor authentication set to be sent to email? If not, it is definitely phishing but unfortunately they might be able to spoof an official microsoft email account.

Is the “Microsoft account team” email coming from an official email account? If not, it is definitely phishing and you can block the address and report as spam/phishing.

LaserTurboShark69 , 4 hours ago

I’ve gotten a bazillion of these in the past couple years. According to Microsoft I can safely ignore it so I guess I’ll just do that since I’m not sure what else to do about it.

possiblylinux127 , 5 hours ago

Change your password to a randomly generated password and them setup 2FA

Do not click on anything in the emails as they may be phishing attempts

MajorHavoc , 5 hours ago (edited 1 hour ago)

If it keeps happening, prefers middle of the night (to where you live) hours, and you often get a really big batch in a row, then yes, it’s probably an attempted hack.

In any case, I would making sure your password is strong and isn’t reused anywhere else, and set up multi factor authentication…

Edit: It was pointed out to me that this has an approve/deny on it. Looks an awful lot like an MFA Fatigue attack. The attacker plans to keep doing it until you slip up and approve it accidentally while fumbling to unlock your phone at midnight sometime.

You should change your password immediately, if you haven’t already.

Weird. Sure looks like MS may be sending these without requiring your password. That’s…not great. Because of the fatigue attack aspect. See what you can configure. I would disable this function on my account, if I could.

Again, that’s if you’ve gotten dozens of these. If you got 3, it’s someone who mistyped their email as yours.

RestrictedAccount , 4 hours ago

The message is multi-factor

MajorHavoc , 1 hour ago

Oh, I missed that in the gutter of the message.

This is a common attack tactic, then, called MFA Fatigue. It also means they probably have Ops password already. Or Ops service provider is doing something dumb. (MFA requests shouldn’t be sent out without the other factor being known.)

ricecake , 5 hours ago

It is actually safe to ignore them. It means either someone has an email address similar to yours, or a bot of some sort has you email address and only your email address.

Essentially, someone or something goes to the login screen, enters your login, and says “I don’t have the password, let me in!”.
Sending a code to your email like this is the first step in letting someone in without the password, or more specifically to having them reset it.

Since the email is to check “did you ask for this?”, doing nothing tells them that you did not.

If you want some extra peace of mind: account.live.com/Activity should show you any recent login activity which you can use to confirm that no one has gotten in.

Also, use two factor, a password manager, and keep your recovery codes somewhere safe. The usual security person mantra. :)

ech , 4 hours ago

This is all good information and seems well intentioned, but it’s worth pointing out in a post about account security that clicking links provided by others and giving it your login information is very unwise (even/especially links in emails like these). For the link you provided, it’d be better to recommend going through a primary microsoft page or login that can be confirmed by the user and getting to the activity history page from there

ricecake , 2 hours ago

That is wonderful advice and I’m glad you pointed that out. :)

If I knew how to give directions to the page, I would, but unfortunately I don’t know the Microsoft site layout, only the URL that their help center directed to.

In mitigation of my indiscretion: it’s generally safer to trust a person you approach out of nowhere than to trust someone who approaches you out of nowhere.
Since they chose the venue and asked the question, the likelihood that an attacker is present in the replies is lower than the expectation that an unsolicited email is from an attacker.

But it’s also entirely correct to be distrustful of anything anyone asks you to click on, triply so if it involves security or login pages.

OfficerBribe , 36 minutes ago

For MS guides there usually is an article under support.microsoft.com or learn.microsoft.com (usually more advanced, admin related documentation for company / enterprise level stuff) domains. Here’s an article for checking activity.

eezeebee OP , 3 hours ago

Also, use two factor, a password manager, and keep your recovery codes somewhere safe. The usual security person mantr

Well, I found the recent activity and none of these were me. At least they all appear to say Unsuccessful sign-in.

https://lemmy.ca/pictrs/image/ba2deda6-50ec-4827-9c0e-5e1ec17ada7d.png

ricecake , 1 hour ago

Yup, that would indicate that likely a bot is trying to guess it’s way in.

You are still safe.

The only weird thing here is that Microsoft lets such things bother you instead of guessing that you didn’t teleport to Brazil and instead putting a little extra burden on the Brazil end before sending you an email.

If you’re still feeling worried, the biggest thing you can do is enable two-factor auth (which you should do anyway), or even better: enable something like passkeys which are very secure and also easier than username/password.

Two-factor/password manager is the “remember to brush and floss” of the security industry, so… Please do those things. :)

skullgiver , 1 hour ago

Change your password. When they get to the “provide a token” part of the login, they’ve already guessed your password correctly.

Set up non-email 2FA as well if you haven’t already.

hinterlufer , 56 minutes ago

You can create an email alias for your Microsoft account and then only enable login from that account. If you then do not use that email for anything but the login, you should be pretty safe from credential stuffing attacks.

I had a very similar issue with multiple failed login attempts and changing my login email stopped it right away.

creditCrazy , 33 minutes ago

Considering most of the attempts are from India and Brazil I suspect a service you signed up for has sold your email to unsavory data brokers and now a bunch of scam companies are doing that MFA attack on you

Rhynoplaz , 5 hours ago

It’s common for people to get these when their email address is similar to my dad’s and he forgets his password again.

eezeebee OP , 5 hours ago

Part of my concern is the email has part of an uncommon spelling of name + some numbers. And that it started all of a sudden, every day. The email is several years old and only now it’s begun happening every day.

disguy_ovahea , 5 hours ago

Create an email alias and use it as the account address.

xantoxis , 5 hours ago

I hope you’ve turned on 2FA.

dohpaz42 , 4 hours ago

FYI, the emails the OP are getting are the 2FA Time-based One-Time Password (TOTP). So OP in fact does have 2FA enabled. 😊

Ps. I’m not being sarcastic.

Never mind. I misunderstood what the email was being sent for. My apologies.