I've gotten emails the past two days, supposedly from the Microsoft team with this message:

Microsoft account team <no-reply@microsoft.com>

To You:

Unusual sign-in activity

We detected something unusual about a recent sign-in to the Microsoft account [my email address].

Sign-in details

Country/region: United States

IP address: 100.255.00.00 [I changed the numbers of course]

Date: Wed, 13 Jul 2022 04:29:44 +0000

Platform: Windows 10

Browser: Firefox

A user from United States just logged into your account from a new device, If this wasn't you, please report the user. If this was you, we'll trust similar activity in the future.

They have sent me two of these emails, and I'm not exactly sure what to do.

I have Windows 11 where I am now, and the last time I used the account with Windows 10 was July 9 in Los Angeles, the day we left to come ;here, and so I could not have logged into my account on July 13.

They sent me another email the next day saying that this had happened again on the same day, but at 11:34:26 and with a different IP address.

There is a blue box I could click on that says "Report The User" but I do not know whether this would be a good idea..

Should I delete my Microsoft account? I know I needed it for Windows 11, which I am using here, but I don't know why.

Change your password on the effected account. If the notifications are authentic...that should solve the problem.

Don’t click on anything in those emails.

Why oh why oh why do people think the internet is safe/private/safe!!!?

My son is a cyber security expert with one of the big 4 accounting firms. You should never click on any of those links that say ”to report”. If you are unsure, log in directly to your account, not through a link.

Get ahead of the crowd. Include job seeking/dating info in your information. If it all is going to get stolen and spread around anyway, you might as well use it as free advertising.

Lars, go directly to the Microsoft home page and click on help - then ask if these emails are legit. They are very similar to the legit email I got when I got a new device, but scammers are very good at spoofing. Did you try hovering over the sender's name to see the actual sender's email?

Do change your password.

From the Microsoft home page, they want me to re-enter my password, but I cannot find where I wrote it down. It's a completely different password from what I have used before. I do not use the Microsoft account for anything other than to get Windows 11 initiated, and so I do not see what danger I am in. I think that Microsoft is just trying to get me more involved with them.

When I hover over the sender's name, it does show up as <no-reply@microsoft.com> and so I think that it is legitimately from Microsoft, but I still feel that I do not need to get further involved.

For some reason, I was able to change my password today, and so I did that. I do feel a bit better now, but I'm not really sure that anyone hacked my account. If they did, they won't be able to do it again. Since I only got the message on July 13 and then never again, I felt that it wasn't too serious. The most they could have done was to read my hotmail, and there's nothing incriminating there.

Isn't hotmail a microsoft email service?

MS wouldn't have sent the email without reason - not just to "get you more involved". Someone tried, and ? succeeded, twice, - if you let MS know that it wasn't you or your device (do you use Firefox as your browser on that machine?), they will take steps to identify and block that hacker (and you won't have to do anything more.)

The hackers try to hijack an email account or device, to pump out their spam/scam/virus infected emails. I recently got such an email from an old contact that was exactly that. Fortunately I didn't open it because I was suspicious of the subject line, and why this person would send it to me.

If you have updated or reset your device, gotten a new ISP, or maybe a new modem, that can also cause MS to think it is a new device (doesn't sound like that could be your case.)

Did you know that there is a way to see where the IP is from? Google "dnschecker.org" where you can paste the IP numbers from the MS email - then see where the attempt really came from.

http://itools.com/tool/arin-whois-domain-search

I did the search for the domain addresses, and they are both in South Brisbane, Australia.

So you are saying now that I should click the "Report Now" button? I am suspicious because the email said that it was a user from the United States, and that was not the case.

I cannot find a way to report this issue on the Microsoft.com website.

Personally, Lars...I'd let it go. By supplying the search site, I wasn't advising anything further than giving you a site to ID the #s. Now you know it wasn't legit and anything further may just end up in a dead letter type file. Make sure you have a strong virus protection program on your systems...and as advised above...don't ever click on anything that's not familiar to you. Sites like Whois are primarily for business/commercial use where there are often many, many attacks that need to be ID'ed and stopped.

ETA: There's an Australian retail site of some sort that's been bombarding the virtual airways for some time. I received a couple of ems from them and blocked them at my em site. My virus protection program has also blocked them. I never opened the ems. I just knew they weren't legit and proceeded accordingly. You can do the same.

Lars, if you really want to be sure, there are two more easy things you can do. Those mails could be fake and you shouldn't click on anything, as always, until you are sure they are legit.

I would do them because I hate the hackers and want to report all that I can. Plus I am just curious. It only takes a minute or so for each.

You can do this in your inbox, junk folder or deleted folder. Position your cursor over the circle to the left of the unopened email's "From" line and right-click. You will get a drop-down menu that has an option "view > view message source". Click on that, which will open up the "headers" - a whole bunch of routing information. Look for a paragraph, usually 4th or 5th from the top, that starts with "Authentication-results"; that line will have the sender IP. You can enter that IP into the site DNSChecker.org and you will find out if the emails really came from Microsoft. (the rest of that paragraph should also show that it is from a MS address.)

You can also look at the sign in activity on your account: https://support.microsoft.com/en-us/account-billing/check-the-recent-sign-in-activity-for-your-microsoft-account-5b3cfb8e-70b3-2bd6-9a5 to see if there really was a sign in from a new device.

It's standard boilerplate information when it's legit and it's phishing for info when it isn't. Breeches are an everyday occurrence and most of us wouldn't even know they occurred if they weren't reported to us. Don't click on links. Go directly to websites if you feel the need to check on or report something. Those a user tried to log in from an unknown device messages are a daily occurrence in my junk mail folder. I don't even bother to open them. Hit delete and go on with my day. Never had anything really hacked online. I have had a credit card cloned a couple of times but I've been notified almost immediately and a quick phone call takes care of it. Most banking institutions seem to be pretty well on top of credit card fraud these days. You certainly find out faster online than if you had your identity compromised by snail mail or writing checks.

To Lars:

Your email sounds a bit like a malcontent fishing for information. Before you open the email, rest your cursor over the sender's name and its underlying email address will appear. If it is not from Microsoft or a service hired by Microsoft, its probably a scam.