Aug 07 2023 09:40 AM
Hi there, I recently began getting a LOT of emails from Microsoft with single use codes. There is no way I was genuinely generating these myself. Any time I need one, it arrives and I use it with no issue. But these additional ones were concerning me. The times also suggest this might be a real person in my time zone. There are patterns.
I turned off that particular alias for sign in, now when I try to use that the log in screen will outright tell me "This alias is turned off for sign in". So it should be impossible to get emails citing that alias, right? Well I am still receiving them. My question is, can I write those off to simply being spam? Or, can they still be generated if someone is clicking one of the various 'forgot username / Reset account associated with this alias' options?
I have checked and the From address on these single use codes are the exact same as the legitimate ones I use from Microsoft. They also are consistent and appear (formatting wise) to be legitimate Microsoft emails. They also tell me to ignore it if I didn't request it etc, whereas we know most phishing emails look odd and will often not mention that choice as they want an action performed.
How can I verify this? Microsoft Account recent activity does not show corresponding failed logins when these begin to filter through.
Aug 07 2023 05:31 PM
Aug 13 2023 01:40 AM
I am still getting a tonne of these. The email address mentioned on them has also been turned off for sign in. So is this legit?
Aug 20 2023 03:03 PM
Aug 20 2023 04:06 PM
Aug 21 2023 02:11 AM
SolutionHi forum, I have solved this issue once and for all. And having looked at similar threads across the web, nobody else seems to have figured this out. The general articles from Microsoft are fine but they don’t help here.
I’m talking about the plain, text only ‘single use code’ emails.
these were coming from the legitimate Microsoft address too, and had cited my main Microsoft account - despite the fact I turned that email address off for sign in.
I also checked ‘recent sign in activity’ as Microsoft recommend in these situations, not one single unrecognised attempt or anything was displayed.
These codes are coming from the ‘forgot Microsoft account username’ form. This triggers these plain text only / no formatting reset codes.
they were coming from other accounts that have my Microsoft account email address as a recovery address!!!
I logged into these other (usually old abandoned Microsoft accounts I had years ago) and saw the unsuccessful login attempts - one for each spam email code I received.
my thought is these old email addresses (and passwords) were leaked online somewhere and now someone or some bot is repetitively trying to login with the correct password but being asked for a single sign on code due to how long these other Microsoft accounts have been dormant - in other words, as I haven’t logged into them in so long, the system triggers this email.
I hope this solves it for anyone else getting spammed with these single sign on codes. They are legitimate. That’s the context behind them.
in my case I’m permanently closing these old accounts which I suspect will stop the code spam.
To find accounts that your Microsoft account is tied to as a recovery address, search Microsoft forgot username. Complete that form and it will email you, then show a part censored list of addresses. You can then go back and resecure these and close or secure them as desired.
I hope this is useful.
Nov 09 2023 07:03 PM - last edited on Feb 26 2024 09:54 AM by EmilyPerina
Nov 09 2023 07:03 PM - last edited on Feb 26 2024 09:54 AM by EmilyPerina
It's concerning that you're receiving unexpected single-use codes from Microsoft despite disabling the associated alias for sign-in. While it's possible that these emails could be spam, the persistence and apparent legitimacy raise valid concerns. It's crucial to consider the possibility of someone attempting to access your account through other means, such as using the "forgot username" or "reset account" options. Even though the alias is turned off for sign-in, it doesn't necessarily prevent someone from attempting account recovery using that alias, resulting in the generation of single-use codes. To verify the legitimacy of these emails you may want to contact Microsoft support for a more in-depth investigation into your account activity and to ensure that your account security is not compromised.
Apr 24 2024 08:04 PM
@ShaneBunting You are 1000% correct. Thank you so much for this! I had people across the globe trying to access my account for the past year. You are amazing!
Aug 21 2023 02:11 AM
SolutionHi forum, I have solved this issue once and for all. And having looked at similar threads across the web, nobody else seems to have figured this out. The general articles from Microsoft are fine but they don’t help here.
I’m talking about the plain, text only ‘single use code’ emails.
these were coming from the legitimate Microsoft address too, and had cited my main Microsoft account - despite the fact I turned that email address off for sign in.
I also checked ‘recent sign in activity’ as Microsoft recommend in these situations, not one single unrecognised attempt or anything was displayed.
These codes are coming from the ‘forgot Microsoft account username’ form. This triggers these plain text only / no formatting reset codes.
they were coming from other accounts that have my Microsoft account email address as a recovery address!!!
I logged into these other (usually old abandoned Microsoft accounts I had years ago) and saw the unsuccessful login attempts - one for each spam email code I received.
my thought is these old email addresses (and passwords) were leaked online somewhere and now someone or some bot is repetitively trying to login with the correct password but being asked for a single sign on code due to how long these other Microsoft accounts have been dormant - in other words, as I haven’t logged into them in so long, the system triggers this email.
I hope this solves it for anyone else getting spammed with these single sign on codes. They are legitimate. That’s the context behind them.
in my case I’m permanently closing these old accounts which I suspect will stop the code spam.
To find accounts that your Microsoft account is tied to as a recovery address, search Microsoft forgot username. Complete that form and it will email you, then show a part censored list of addresses. You can then go back and resecure these and close or secure them as desired.
I hope this is useful.