Microsoft Account team - single use code emails - is it a scam

Martinr36

Martinr36

MOST VALUED CONTRIBUTOR
Over the last couple of weeks I've randomly received 9 or 10 of these emails, naturally I've not used the codes or clicked any of the links as I didn't request them, the microsoft links look genuine, but what do folk think, tempted to go to microsoft and change password.

1716921949982.png
 
SpyderTracks

SpyderTracks

We love you Ukraine
Martinr36 said:
Over the last couple of weeks I've randomly received 9 or 10 of these emails, naturally I've not used the codes or clicked any of the links as I didn't request them, the microsoft links look genuine, but what do folk think, tempted to go to microsoft and change password.

View attachment 41169
Click to expand...
Hmmm, yes I would change your password. Do you have MFA setup? If not I would strongly suggest setting it up using the Microsoft Authenticator app
 
SpyderTracks

SpyderTracks

We love you Ukraine
Martinr36 said:
Password regenerated and authenticator added
Click to expand...
That's far better, any 2fa method that sends a code via text or email is not secure anymore, whereas setting up an authenticator app, especially microsoft authenticator and Apple MFA where it requests a confirmation code to accept the logon is highly secure.

I just use Microsoft Authenticator for all logons aside from Apple ones which is done via IOS / MacOS

You're much better off this way, it's never good when you can't be 100% sure if they're legit or why they're triggering, emails and texts just lead to too much doubt.
 
T

TonyCarter

VALUED CONTRIBUTOR
Have also set up some passkeys using MacOS/iOS/iPadOS biometrics, but some of the sites I’ve set this up with will randomly ask for username & password instead (VirginMedia being one) and then it won’t take the biometric passkey until I remove & re-add it.

If it doesn’t work consistently then you’re not going to convince everyone that it’s a good solution.

2FA and authenticator app will suffice for now (y)

But I do wonder if some of these deluges of ‘account access’ emails are social engineering, so that you check the authenticity of each of them diligently, and then they sneak in a dodgy one to trick you into clicking the link when you think you’re on top of it.

Of course, this would never work for experts like us ;)
 
Scott

Scott

Behold The Ford Mondeo
Moderator
M$ Authenticator is my chosen method also. The only pain is when it comes time to change phones etc, it's a small price to pay though. The good thing is you can have a few authentication devices. I had to do this when my phone got water damaged, just thankfully I had the keys stored.
 
You must log in or register to reply here.
Top