SOLVED

Single Use Code Spam

Copper Contributor

Hi there, I recently began getting a LOT of emails from Microsoft with single use codes. There is no way I was genuinely generating these myself.  Any time I need one, it arrives and I use it with no issue. But these additional ones were concerning me. The times also suggest this might be a real person in my time zone. There are patterns. 

 

I turned off that particular alias for sign in; now when I try to use it, the log in screen will outright tell me "This alias is turned off for sign in". So it should be impossible to get emails citing that alias, right? Well, I am still receiving them. My question is, can I write those off as simply being spam? Or can they still be generated if someone is clicking one of the various 'forgot username / Reset account associated with this alias' options?

 

I have checked and the From address on these single use codes is the exact same as the legitimate ones I use from Microsoft. They also are consistent and appear (formatting wise) to be legitimate Microsoft emails. They also tell me to ignore it if I didn't request it etc, whereas we know most phishing emails look odd and will often not mention that choice as they want an action performed.

 

How can I verify this?  Microsoft Account recent activity does not show corresponding failed logins when these begin to filter through. 
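The From comparison described in the post above can be backed by the verdict the receiving mail server records in the raw message's `Authentication-Results` header (RFC 8601), since the visible From line is chosen by whoever sends the message. The sketch below is an added example, not part of the original thread; the function name, `mx.inbox.example` (your own provider's server ID) and `account-mail.example` (the sender domain copied from a code email you requested yourself) are placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

DMARC_RE = re.compile(r"\bdmarc=(\w+)[^;]*?\bheader\.from=([\w.-]+)", re.I)

def check_code_email(raw, trusted_authserv, expected_domain):
    """Return a list of problems; an empty list means the sender checks out."""
    msg = message_from_string(raw)
    problems = []
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if from_domain != expected_domain.lower():
        problems.append(f"From domain {from_domain!r} is not {expected_domain!r}")
    verdict = None
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        # Trust only the header stamped by our own receiving server; a sender
        # can place any Authentication-Results header it likes in the message.
        if authserv.strip().lower() != trusted_authserv.lower():
            continue
        match = DMARC_RE.search(results)
        if match:
            verdict = (match.group(1).lower(), match.group(2).lower())
        break  # the topmost header from our server is the one that counts
    if verdict is None:
        problems.append(f"no DMARC result from {trusted_authserv}")
    elif verdict != ("pass", from_domain):
        problems.append(f"DMARC result is {verdict[0]} for {verdict[1]}")
    return problems

# Constructed sample messages; every domain below is a placeholder.
GENUINE = (
    "Authentication-Results: mx.inbox.example; spf=pass smtp.mailfrom=account-mail.example;"
    " dkim=pass header.d=account-mail.example; dmarc=pass action=none header.from=account-mail.example\n"
    "From: Account team <no-reply@account-mail.example>\n"
    "Subject: Your single-use code\n\nYour code is 000000\n"
)
SPOOFED = (
    "Authentication-Results: mx.inbox.example; spf=fail smtp.mailfrom=bulk.example;"
    " dkim=none; dmarc=fail action=none header.from=account-mail.example\n"
    "Authentication-Results: mx.sender.example; dmarc=pass header.from=account-mail.example\n"
    "From: Account team <no-reply@account-mail.example>\n"
    "Subject: Your single-use code\n\nYour code is 000000\n"
)

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("spoofed", SPOOFED)):
        print(name, check_code_email(raw, "mx.inbox.example", "account-mail.example") or "ok")
```

A message that passes this check was really sent by that domain, which says nothing about who triggered the code request.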

8 Replies

@ShaneBunting 

 

Can you share a screenshot of the message, so it is easier to understand your situation?


@Kidd_Ip 

I am still getting a tonne of these. The email address mentioned on them has also been turned off for sign in. So is this legit? 

Still no help on this. Can anybody tell me how to check if these are legitimate from Microsoft or not?

It's great that you're taking caution with these emails. Based on your description, it's possible that these emails could be legitimate notifications from Microsoft, especially if they contain consistent formatting and instructions to ignore them if you didn't request them.

If you've turned off the alias for sign-in and are still receiving emails to that address, it's worth considering a few possibilities:

Account Recovery Requests: Sometimes, account recovery requests can generate these emails if someone is attempting to regain access to an account associated with that alias.

Legitimate Usage: If you've used that alias in any capacity for Microsoft services, there could be automated processes or notifications associated with it.

best response confirmed by ShaneBunting (Copper Contributor)
Solution

Hi forum, I have solved this issue once and for all. And having looked at similar threads across the web, nobody else seems to have figured this out. The general articles from Microsoft are fine but they don’t help here.

I’m talking about the plain, text only ‘single use code’ emails. 

These were coming from the legitimate Microsoft address too, and had cited my main Microsoft account - despite the fact I turned that email address off for sign in.

I also checked ‘recent sign in activity’ as Microsoft recommend in these situations; not one single unrecognised attempt or anything was displayed.

These codes are coming from the ‘forgot Microsoft account username’ form. This triggers these plain text only / no formatting reset codes. 

They were coming from other accounts that have my Microsoft account email address as a recovery address!!!

I logged into these other (usually old abandoned Microsoft accounts I had years ago) and saw the unsuccessful login attempts - one for each spam email code I received.  

My thought is these old email addresses (and passwords) were leaked online somewhere and now someone or some bot is repetitively trying to log in with the correct password but being asked for a single sign on code due to how long these other Microsoft accounts have been dormant - in other words, as I haven’t logged into them in so long, the system triggers this email.

I hope this solves it for anyone else getting spammed with these single sign on codes. They are legitimate. That’s the context behind them. 

In my case I’m permanently closing these old accounts which I suspect will stop the code spam.

To find accounts that your Microsoft account is tied to as a recovery address, search Microsoft forgot username. Complete that form and it will email you, then show a part censored list of addresses.  You can then go back and resecure these and close or secure them as desired. 

I hope this is useful. 

It's concerning that you're receiving unexpected single-use codes from Microsoft despite disabling the associated alias for sign-in. While it's possible that these emails could be spam, the persistence and apparent legitimacy raise valid concerns. It's crucial to consider the possibility of someone attempting to access your account through other means, such as using the "forgot username" or "reset account" options. Even though the alias is turned off for sign-in, it doesn't necessarily prevent someone from attempting account recovery using that alias, resulting in the generation of single-use codes. To verify the legitimacy of these emails you may want to contact Microsoft support for a more in-depth investigation into your account activity and to ensure that your account security is not compromised.

@ShaneBunting You are 1000% correct.  Thank you so much for this!  I had people across the globe trying to access my account for the past year.  You are amazing!
