Email from Microsoft, someone else signed in

[panpete]

Please see attached screenshot - I made sure my name is not on it.
I have not pressed the blue "report" button even though the "from" address looks valid.
Should I just change my password?
What else do I need to do, thanks

 

[gentlegreen]

Likely a hoax.
Don't click on the link .
Get direct to your ms account another way and check'

 

[Pickman's model]

change your password and if you can activate that multi-factor authentication

 

[Artaxerxes]

Hover over (don’t click) the report button on a PC and it should tell you the url.

Change your password anyway

 

[mx wcfc]

I’d be suspicious of that. And, yes, change your password And others.

 

[panpete]

Thanks, I will change password.

 

[gentlegreen]

A user from Russia in Spain ???

 

[kalmatthew]

That looks like it might be a scam. Sign in would normally be 2 words. Without seeing the actual email there aren't other things that I can check. I would delete it. Changing your password is a good idea and as Pickman's says turning on multi factor auth is a good idea.

 

[Artaxerxes]

What I tend to do is check the from address, they spoof the name but the x@c.com is usually where it’s clear it’s from some hopeful spammer

 

[panpete]

A user from Russia in Spain ???

apparently.

 

[panpete]

What I tend to do is check the from address, they spoof the name but the x@c.com is usually where it’s clear it’s from some hopeful spammer

The form address looked valid, but I did not want to click the "report" button. I just changed password, I noticed a lot of spam in my inbox as well so maybe connected.

 

[moochedit]

Someone at my work fell for a fake "microsoft" email once and gave them their office365 login details. Their email account was then used to send spam emails to other people. Iirc the spammers also added a rule to the email account to delete replies sent to the emails.

 

[panpete]

Someone at my work fell for a fake "microsoft" email once and gave them their office365 login details. Their email account was then used to send spam emails to other people. Iirc the spammers also added a rule to the email account to delete replies sent to the emails.

Yikes, I am glad I did not press the blue button and just changed my password, and came on here, of course.

 

[moochedit]

Yikes, I am glad I did not press the blue button and just changed my password, and came on here, of course.

Yeah change your password just in case but not via any link in the email.

"From" addreses can be faked even if they look legit.

 

[gentlegreen]

Scams Details

Browse and view scams details reported to the BBB. Examine and share scams with others to help protect you from existing schemes.

www.bbb.org

The "Russian" bit was clearly designed to be scary.

 

[Ranbay]

IP Details For: 103.251.12.244

Decimal: 1744506100

Hostname: 103.251.12.244
ASN: 133047

ISP: Ancore Pty Ltd

Services: None detected
Assignment: Likely Static IP

Country: Australia

State/Region: New South Wales

City: Chatswood
Javascript disabled or geolocation map not available.







+−


Leaflet | © OpenStreetMap Terms
Latitude: -33.799999 (33° 47′ 60.00″ S)


Longitude: 151.183334 (151° 11′ 0.00″ E)

 

[moochedit]

IP Details For: 103.251.12.244

Decimal: 1744506100

Hostname: 103.251.12.244
ASN: 133047

ISP: Ancore Pty Ltd

Services: None detected
Assignment: Likely Static IP

Country: Australia

State/Region: New South Wales

City: Chatswood
Javascript disabled or geolocation map not available.







+−


Leaflet | © OpenStreetMap Terms
Latitude: -33.799999 (33° 47′ 60.00″ S)


Longitude: 151.183334 (151° 11′ 0.00″ E)

I'd take the "latitude and longitude" with a pinch of salt. Ip location traces rarely get the town right when i trace my own ip. The country is normally accurate though.

 

[panpete]

Yeah change your password just in case but not via any link in the email.

"From" addreses can be faked even if they look legit.

Thanks for letting me know about the "from" address being possibly fake.

 

[gentlegreen]

Microsoft Accounts Targeted by Russian-Themed Credential Harvesting

Malicious emails warning Microsoft users of "unusual sign-on activity" from Russia are looking to capitalizing on the Ukrainian crisis.

threatpost.com

 

[hash tag]

I have just received an email from some unknown source. The preview line started " I have some terrible news for you...."
I did not bother to find out what this news was, I just deleted/reported.

 

[panpete]

I just got another one, the same as before, I hope I don't keep getting them as it's going to be a pain changing my password.

 

[gentlegreen]

They're phishing emails - no need to change your PW.
TBH I don't even understand why you have one.
I only have one for Google / Gmail / Youtube...

 

[panpete]

I asked Microsoft for a code to another email address and this time, no code sent

 

[panpete]

They're phishing emails - no need to change your PW.
TBH I don't even understand why you have one.
I only have one for Google / Gmail / Youtube...

Good, I don't fancy changing passwords over and over again

 

[gentlegreen]

Mine tend to look like this one that snuck past GMail's filter...

 

[panpete]

Microsoft Accounts Targeted by Russian-Themed Credential Harvesting

Malicious emails warning Microsoft users of "unusual sign-on activity" from Russia are looking to capitalizing on the Ukrainian crisis.

threatpost.com

Thanks, apart from changing password, what can I do?

 

[gentlegreen]

Thanks, apart from changing password, what can I do?

flag them as phishing emails and hope they get filtered in future

 

[panpete]

flag them as phishing emails and hope they get filtered in future

thanks I reported the last one.

 

[Artaxerxes]

Thanks, apart from changing password, what can I do?

Nothing, just delete them.

I'm pondering deleting my spare account as I get 10 or so Junk Emails a day to it these days, but thats pretty much why I had that as a secondary address anyway. Any public or liable to leak sites get that one as my email address.

 

[panpete]

Hover over (don’t click) the report button on a PC and it should tell you the url.

Change your password anyway

Scams Details

Browse and view scams details reported to the BBB. Examine and share scams with others to help protect you from existing schemes.

www.bbb.org

The "Russian" bit was clearly designed to be scary.

After this thread - possible scam, I am glad I came on here to query my two - now I have another third one, do I really have to keep changing my password? It's becoming a pain.