Microsoft message my account being used by someone else

[villageidiotY2K]

Hi, there I use gmail, but got I below msg from genuine MS.

Whyis this the case?

As mentions below someone is using my email trying to hack or something?

 

[0ffshore360]

My question is how did Microsoft receive the request for an otp to access your account? And why did they not require some verification before so happily  providing  an otp?

[FritsSikkink]

38 minutes ago, 0ffshore360 said:

why did they not require some verification before so happily  providing  an otp?

They did by sending that mail.

[pdinbkk]

Someone has attempted to login to your email account and requested a one-time pass code.  As they are not already logged into your email, they did not get access to this OTP. It can occur when someone types the wrong username by mistake. 

 

For example if your username was [email protected] and you accidently typed [email protected] and requested a OTP, then the actual user [email protected] would receive an OTP, but you would not gain access to his account.

 

If you didn’t request this code, it’s possible that someone else might have typed your email address by mistake.  It could also be a sign of someone trying to gain unauthorized access to your account.

[Tropicalevo]

I just put things like that straight into the spam folder.

eg read the line above 'Thanks'

I try not to use Microsoft products. I never receive messages from them, so I cannot tell if those are real websites or not.

[villageidiotY2K]

wabbi

Edited May 28 by villageidiotY2K

[1DegreeN]

If you check your Microsoft account manager page (account.live.com), under Security there is an option to "Show Sign-In Activity". For myself, and I think I will be typical, it shows 2 or 3 attempts every hour every day to hack into my account, from all around the world. 

[Brock]

I get several a day. they just get deleted. Its an attempt by a bot probably to hack into your account. As you have a multiple factor authentication activated, the needed one time code gets sent to your phone.

If you have any concerns, delete all the messages, then login to your account and change your password.

[villageidiotY2K]

for those that rcv this message as me, u must have visited some naughty video site

[TigerandDog]

it's a scam. Ignore it & delete it after you report it as a scam.

 

If you've seen any of the scambaiter videos on YouTube, viz. scammer payback and numerous others you'd know to ignore this email.  This is a common trick for scammers to get access to you computer.

 

Also the ONLY way Microsoft would contact you is if you are using Windows and Outlook/Hotmail.

 

If it is your gmail that someone has tried to access, then such an email would come from Google.

Edited May 28 by TigerandDog

[ian carman]

You can check the activity on your gmail account via the app 

[VBF]

7 hours ago, pdinbkk said:

Someone has attempted to login to your email account and requested a one-time pass code.  As they are not already logged into your email, they did not get access to this OTP. It can occur when someone types the wrong username by mistake. 

 

For example if your username was [email protected] and you accidently typed [email protected] and requested a OTP, then the actual user [email protected] would receive an OTP, but you would not gain access to his account.

 

If you didn’t request this code, it’s possible that someone else might have typed your email address by mistake.  It could also be a sign of someone trying to gain unauthorized access to your account.

And, critically, YOU, the rightful user have received the OTP, NOT the "someone else" if they exist.

As others have said, it's more than likely a SPAM bot.

 

Also, OP, how do you know the message was from "genuine MS"?    That "account-security etc" address actually is a genuine MS address but could be spoofed.

 

See this, independent  explanation https://security.stackexchange.com/questions/187152/is-account-security-noreplyaccountprotection-microsoft-com-a-legitimate-sende 

 

You're not the first, by the way - see https://answers.microsoft.com/en-us/outlook_com/forum/all/received-an-email-from-microsoft-account-team/62525205-a491-4a81-88e7-31a2e8e30e43?page=2

 

 

 

[Acharn]

11 hours ago, 0ffshore360 said:

My question is how did Microsoft receive the request for an otp to access your account? And why did they not require some verification before so happily  providing  an otp?

This is the request for verification. Somebody tried to log in to his account and had the correct password (or at least one that the operating system recognized). It's called two-stage verification. After they received the log-in they sent a request for verification to him. Since he didn't log in, the one time password (otp) is of no use to him, but the person trying to log in will be unsuccessful, too, because they won't have the otp. The op is confused, though. This can't be about his gmail account, because that's administered by Google. Whatever account this is, he should change his password immediately. Don't you have any accounts with two stage verification?

Edited May 28 by Acharn

[RobU]

It's not a genuine Microsoft email

[sandyf]

17 hours ago, villageidiotY2K said:

Hi, there I use gmail, but got I below msg from genuine MS.

Whyis this the case?

As mentions below someone is using my email trying to hack or something?

 

What you haven't said is if you have a MS account or not.

[sandyf]

10 hours ago, ian carman said:

You can check the activity on your gmail account via the app 

Nothing to do with gmail, message refers to suspicious activity on an MS account.

Genuine security messages from MS would go to the alternative contact address.

[ian carman]

Sandy f 

if you look at the OP you will see that he has a gmail account not MS and so therefore MS would not contact him Google would Correct??

[sandyf]

2 hours ago, ian carman said:

Sandy f 

if you look at the OP you will see that he has a gmail account not MS and so therefore MS would not contact him Google would Correct??

No that is not the case.

The message posted by the OP originated from what would appear to be Microsoft security, and that would only happen in respect of a MS account.

Microsoft accounts require an alternative contact email address and security messages are sent to that email in case the main account has been hacked.

If the OP has no MS account then the message has to have come from a bogus source.