Forum Discussion
OTP Code via SMS from non-Microsoft number
Hi Microsoft Team, Good day!
For a few weeks now, many people around me have been receiving their OTP code for MFA via SMS often from unknown senders (non-Microsoft phone number). The sender of the SMS doesn't use an official Microsoft phone number and "Microsoft" is not displayed as the sender.
I would like to request assistance on how to verify that these numbers are legitimately from Microsoft.
41 79 998 76 61 and 4915758307532.
Many thanks for your help.
Kind regards, Rosine
4 Replies
- Rosine_LEROY (Copper Contributor)
 Hello, The SMS OTP is actually sent from a normal phone number (from the country the person is from), but through WhatsApp. The parsing described above is used in the messages we have seen. Can you please confirm that this method can be used by the Microsoft MFA system? As mentioned in this post: https://www.linkedin.com/posts/rnagbanshi_phone-authentication-methods-microsoft-activity-7120523314753679360-Cc-F
- ehalmiTke (Copper Contributor)
 Hello Rosine,
 Thank you for raising this concerning situation. I would suggest utilizing the Sign-in logs and filtering on the reported users. In there, you may see attributes such as device type, application and location, so you can better understand if the sign-in attempts are suspicious (for example, an unknown location). Additionally, you may utilize Identity Protection > Report > Risky users/risky sign-ins. Within there, you may see what Azure has supposedly understood about the user's sign-in, determine if it's a threat actor and remediate by changing the password for the user.
 Relevant Document: https://learn.microsoft.com/en-us/entra/id-protection/id-protection-dashboard
 Let me know if questions arise or how it goes.
- Rosine_LEROY (Copper Contributor)
 Actually, we already investigated the Sign-in Logs and haven't found any suspicious attempts or even unfamiliar successful logons for the accounts that received these OTP SMS from non-Microsoft phone numbers. We would like to know if it is normal (expected) to receive an OTP code from a non-Microsoft number, from WhatsApp, from SIMBoss ... ?
 Many thanks in advance for your answers. Kind regards, Rosine
- ehalmiTke (Copper Contributor)
 Hello,
 Microsoft usually doesn't send OTP codes over third parties such as WhatsApp. This may be simple SMS phishing, especially if there is a link or urgency.
 SMS OTP is always sent over a phone number and it looks like the following parsing:
 Use verification code ###### for Microsoft authentication.
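
Added example, not part of the thread and not Microsoft code: one way to carry out the sign-in log check suggested above is to line up the time each user reported an OTP SMS against that user's exported sign-in records. The sign-in field names follow the Microsoft Graph signIn resource; the report format, the 5-minute window, the expected-country set and all sample values are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data. Sign-in field names follow the Microsoft Graph
# signIn resource; every value below is made up for illustration.
SIGN_INS = [
    {"userPrincipalName": "alice@example.com", "createdDateTime": "2024-03-04T08:15:10Z",
     "ipAddress": "203.0.113.7", "location": {"countryOrRegion": "CH"}},
    {"userPrincipalName": "bob@example.com", "createdDateTime": "2024-03-04T09:40:02.1234567Z",
     "ipAddress": "198.51.100.23", "location": {"countryOrRegion": "BR"}},
]
# Hypothetical helpdesk list: who reported an OTP SMS and when it arrived (UTC).
SMS_REPORTS = [
    {"user": "alice@example.com", "received": "2024-03-04T08:15:40Z"},
    {"user": "bob@example.com", "received": "2024-03-04T09:40:30Z"},
    {"user": "carol@example.com", "received": "2024-03-04T11:02:00Z"},
]

def parse_ts(value):
    # Timestamps are UTC and may carry 7 fractional digits; keep whole seconds.
    whole = value.rstrip("Z").split(".")[0]
    return datetime.fromisoformat(whole).replace(tzinfo=timezone.utc)

def correlate(reports, sign_ins, expected_countries, window=timedelta(minutes=5)):
    """Label each reported SMS by the sign-ins logged shortly before it."""
    results = []
    for rep in reports:
        received = parse_ts(rep["received"])
        hits = [s for s in sign_ins
                if s["userPrincipalName"].lower() == rep["user"].lower()
                and timedelta(0) <= received - parse_ts(s["createdDateTime"]) <= window]
        if not hits:
            verdict = "no-matching-sign-in"      # not explained by these logs
        elif any(h["location"]["countryOrRegion"] not in expected_countries for h in hits):
            verdict = "sign-in-from-unexpected-country"
        else:
            verdict = "explained-by-sign-in"
        results.append((rep["user"], verdict, [h["ipAddress"] for h in hits]))
    return results

if __name__ == "__main__":
    for row in correlate(SMS_REPORTS, SIGN_INS, {"CH", "DE"}):
        print(row)
```

A `no-matching-sign-in` result only says the SMS is not explained by the exported sign-in records; it does not identify who sent the message.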