#319382 20-Apr-2025 10:01
This morning at 1.30am I got the below regarding my yahoo address.

 

 

 

We received your request for a single-use code to use with your Microsoft account.

 

 

 

Your single-use code is: 356194 (not the code they sent)

 

 

 

Only enter this code on an official website or app. Don't share it with anyone. We'll never ask for it outside an official platform.

 

 

 

 

 


There was no link to Microsoft to fool me into clicking it. I never requested a single use code. Deleted it. The email address it came from appeared legit. 

 

Any thoughts on if this is some new scam?

  #3365769 20-Apr-2025 10:08
i get these all of the time on one of my gmail addresses, not sure how to stop them.





 
 
 
 

  #3365777 20-Apr-2025 10:12
account-security-noreply@accountprotection.microsoft.com  is the email it came from. There was another email on the 10th that I deleted as was in a rush and on a ship. Geekzone sent me a query straight after it that it didn’t recognise the US ip address and was it me. I didn’t change the GZ password as I figured it was because of ships starlink connection. 

  #3365781 20-Apr-2025 10:42
I get them too. I assumed it was just scammers/bots trying to login to services with data breached email addresses, and it's activating the 2FA.

 

 

 

So 2FA is going it's job.



  #3365782 20-Apr-2025 10:42
I'm not sure how Microsoft's login process works, but:

 

If it prompts for a code before the password, then: someone's trying known/random email addresses looking for accounts. Nothing to really worry about, especially if your email address is made up of common words or names.

 

If it prompts for the password, then the code: your password may have been leaked. You might want to put your email address into HIBP and see whether it comes up with anything.

  #3365784 20-Apr-2025 10:51
If you want to scare yourself open authenticator and look at the attempted log ins. I get dozens of unsuccessful attempts a day. They are scraping leaks and site data to try their luck on those that have one password and no 2FA. It's backed up the decision to go fully unique passwords in a password manager and 2FA on all key or sensitive accounts.

