Forum Discussion
Single Use Code Spam
- Aug 21, 2023
Hi forum, I have solved this issue once and for all. And having looked at similar threads across the web, nobody else seems to have figured this out. The general articles from Microsoft are fine but they don’t help here.
I’m talking about the plain, text only ‘single use code’ emails.
these were coming from the legitimate Microsoft address too, and had cited my main Microsoft account - despite the fact I turned that email address off for sign in.
I also checked ‘recent sign in activity’ as Microsoft recommend in these situations, not one single unrecognised attempt or anything was displayed.
These codes are coming from the ‘forgot Microsoft account username’ form. This triggers these plain text only / no formatting reset codes.
they were coming from other accounts that have my Microsoft account email address as a recovery address!!!
I logged into these other (usually old abandoned Microsoft accounts I had years ago) and saw the unsuccessful login attempts - one for each spam email code I received.
my thought is these old email addresses (and passwords) were leaked online somewhere and now someone or some bot is repetitively trying to login with the correct password but being asked for a single sign on code due to how long these other Microsoft accounts have been dormant - in other words, as I haven’t logged into them in so long, the system triggers this email.
I hope this solves it for anyone else getting spammed with these single sign on codes. They are legitimate. That’s the context behind them.
in my case I’m permanently closing these old accounts which I suspect will stop the code spam.
To find accounts that your Microsoft account is tied to as a recovery address, search Microsoft forgot username. Complete that form and it will email you, then show a part censored list of addresses. You can then go back and resecure these and close or secure them as desired.
I hope this is useful.
Hi forum, I have solved this issue once and for all. And having looked at similar threads across the web, nobody else seems to have figured this out. The general articles from Microsoft are fine but they don’t help here.
I’m talking about the plain, text only ‘single use code’ emails.
these were coming from the legitimate Microsoft address too, and had cited my main Microsoft account - despite the fact I turned that email address off for sign in.
I also checked ‘recent sign in activity’ as Microsoft recommend in these situations, not one single unrecognised attempt or anything was displayed.
These codes are coming from the ‘forgot Microsoft account username’ form. This triggers these plain text only / no formatting reset codes.
they were coming from other accounts that have my Microsoft account email address as a recovery address!!!
I logged into these other (usually old abandoned Microsoft accounts I had years ago) and saw the unsuccessful login attempts - one for each spam email code I received.
my thought is these old email addresses (and passwords) were leaked online somewhere and now someone or some bot is repetitively trying to login with the correct password but being asked for a single sign on code due to how long these other Microsoft accounts have been dormant - in other words, as I haven’t logged into them in so long, the system triggers this email.
I hope this solves it for anyone else getting spammed with these single sign on codes. They are legitimate. That’s the context behind them.
in my case I’m permanently closing these old accounts which I suspect will stop the code spam.
To find accounts that your Microsoft account is tied to as a recovery address, search Microsoft forgot username. Complete that form and it will email you, then show a part censored list of addresses. You can then go back and resecure these and close or secure them as desired.
I hope this is useful.
- kaypea8428Apr 25, 2024Copper Contributor
ShaneBunting You are 1000% correct. Thank you so much for this! I had people across the globe trying to access my account for the past year. You are amazing!