
Microsoft “Your single-use code” email is a scam: experts


New reports indicate that many people are now receiving passwordless sign-in emails that contain authentic Microsoft verification codes. When describing the situation, the affected users stated that they didn’t request the codes, but the emails are genuine. As such, they are curious to know if the Microsoft “Your single-use code” email they received is a scam.

Understanding if the Microsoft “Your single-use code” email is a scam

Let’s face it; when multiple users receive an unexpected flood of authentic Microsoft verification codes, two things are usually involved. First, it could mean that an automated bot is at work. Alternatively, it could mean that bad actors are actively guessing email addresses and attempting to sign in using account enumeration.

According to Hackmanac cybersecurity experts, the Microsoft “Your single-use code” email is a scam. The researchers explained that threat actors are most likely using leaked databases to perform account enumeration attacks. These attacks allow them to spot email addresses linked to Microsoft accounts. Thereafter, they can use the accounts to carry out credential-stuffing attacks.

A Redditor on the r/GMail thread posted a screenshot of the “Your single-use code” email and asked whether he needs to be worried about the email or take any action. Other users also mentioned that they received the same code-related email. One user, who also got the message, commented that the “email is legit,” but the attempt to log in is, no doubt, malicious.


As spotted by PiunikaWeb, an OP in the r/cybersecurity thread explained that the bad actors are just entering random addresses into a login portal. This is exactly what triggers the single-use code, which many users got in their email. With Microsoft sending an email, the attackers automatically confirm that the random accounts exist. This allows them to go ahead and perform credential-stuffing attacks.
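For readers who run a sign-in service of their own, the pattern described above (one source requesting codes for many different addresses and never redeeming any of them) can be picked out of request logs. The sketch below is an added example, not code from Microsoft or from the researchers quoted here; the event fields, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def _t(s):
    return datetime.strptime(s, "%H:%M:%S")

# Constructed sample events, not real logs:
# (time, source address, account entered, was the emailed code ever redeemed?)
# 203.0.113.0/24 and 198.51.100.0/24 are documentation-only ranges.
EVENTS = [
    ("09:00:01", "203.0.113.7", "a@example.com", False),
    ("09:00:04", "203.0.113.7", "b@example.com", False),
    ("09:00:09", "203.0.113.7", "c@example.com", False),
    ("09:00:15", "203.0.113.7", "d@example.com", False),
    ("09:00:21", "203.0.113.7", "e@example.com", False),
    ("09:01:00", "198.51.100.20", "alice@example.com", True),
    ("09:30:00", "198.51.100.20", "alice@example.com", True),
    ("09:02:00", "198.51.100.44", "bob@example.com", False),  # user mistyped once
    ("09:02:40", "198.51.100.44", "bob@example.com", True),
]

def flag_enumeration(events, window=timedelta(minutes=10),
                     min_accounts=5, max_redeemed=0):
    """Return {source: most distinct accounts seen in one window} for sources
    that requested codes for at least min_accounts different addresses inside
    `window` while redeeming at most max_redeemed of those codes."""
    by_source = defaultdict(list)
    for ts, src, account, redeemed in events:
        by_source[src].append((_t(ts), account, redeemed))
    flagged = {}
    for src, rows in by_source.items():
        rows.sort()
        for start, _, _ in rows:  # slide the window over each request time
            in_win = [r for r in rows if start <= r[0] < start + window]
            accounts = {a for _, a, _ in in_win}
            redeemed = sum(1 for _, _, ok in in_win if ok)
            if len(accounts) >= min_accounts and redeemed <= max_redeemed:
                flagged[src] = max(flagged.get(src, 0), len(accounts))
    return flagged

if __name__ == "__main__":
    print(flag_enumeration(EVENTS))
```

A legitimate user who requests a code twice for the same address, or who redeems the code, stays below both thresholds; only the source cycling through many addresses is reported.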

What should you do when you receive the email?

As noted by a threat intelligence analyst, the bad actors don’t have your password. Instead, they’re only taking advantage of the Microsoft recovery system. The attackers are hoping that the flooded emails will confuse many users and push them into approving a prompt.

So, what exactly should you do when you get the Microsoft “Your single-use code” scam email?

  • First, you must ignore the email. This means you should never click anything in the follow-up email.
  • Another thing you can do is to change your password to something more complex.
  • We also recommend turning on two-factor authentication.

Bottom line: As long as you don’t share the single-use codes with anyone, your account is safe. Following the steps above will also give your account extra protection against threats.


About the author

Jike Eric

Jike Eric has completed his degree program in Chemical Engineering. Jike covers Business and Tech news on Insider Paper.
