A bot or someone is CONTINUOUSLY trying to access my email account

Ms CAA 5 Reputation points
2023-07-07T06:47:17.44+00:00

I have taken time out of my day to report all of the ip addresses that have on several occasions within a day, and daily inputting the wrong password in an effort to access my email account!

Community Center | Not monitored
{count} vote

2 answers

Sort by: Most helpful
  1. Limitless Technology 44,766 Reputation points
    2023-07-07T12:32:19.4833333+00:00

    Hello,

    Thank you for your question and for reaching out with your question today.

    If you believe that someone or a bot is continuously attempting to access your email account by inputting incorrect passwords, it's important to take immediate action to protect your account. Here are some steps you can take:

    1. Enable two-factor authentication (2FA): Enable 2FA for your email account if you haven't already done so. This adds an extra layer of security by requiring a verification code in addition to your password when signing in. This way, even if someone has your password, they won't be able to access your account without the verification code.
    2. Change your password: Update your email account password to a strong and unique one. Ensure that it's a combination of letters (upper and lower case), numbers, and special characters. Avoid using easily guessable information such as your name or birthdate. It's recommended to change your password periodically for better security.
    3. Monitor your account activity: Keep a close eye on your email account activity. Check for any suspicious login attempts or unfamiliar activities. Most email providers offer a feature to view recent login activity. If you notice any unauthorized access, report it to your email service provider immediately.
    4. Use a reputable antivirus software: Install and regularly update a reputable antivirus program on your devices. This can help detect and block malicious software or bots that may be attempting to access your account.
    5. Be cautious of phishing attempts: Stay vigilant against phishing attempts, as they are often used to gain unauthorized access to accounts. Be wary of clicking on suspicious links or providing your account information on untrusted websites or in response to unsolicited emails.
    6. Report the incident: If you have already identified specific IP addresses that are continuously attempting to access your account, report them to your email service provider's support or abuse team. They may be able to investigate the issue and take appropriate action.
    7. Consider contacting law enforcement: If you believe your account is under a targeted attack or if you have suffered any financial loss or identity theft as a result of this activity, consider filing a report with your local law enforcement agency.

    Remember to regularly update your security measures, keep your devices and software up to date, and remain cautious while accessing your email account and online services.

    I used AI provided by ChatGPT to formulate part of this response. I have verified that the information is accurate before sharing it with you.

    If the reply was helpful, please don’t forget to upvote or accept as answer.

    3 people found this answer helpful.

  2. LM-5132 250 Reputation points
    2024-09-03T18:01:32.6666667+00:00

    Our company is experiencing the same issue. We have two high-level exchange accounts being bombarded by automated bot password attempts. Microsoft actively blocks them all due to malicious IP addresses or locks the accounts after too many failed attempts. This has been going on for one week with over 3000 login attempts, each attempt from a unique IP address originating from all over the world.

    The only solution we have found so far is to change the UPN (User Principal Name) in the Entra ID User page. Adding a number or a # in front of the UPN will change the user login so the bot or malicious actor will receive an invalid user message and never be offered the password prompt. For example, change @contoso.com to #@contoso.com.

    We tested this, and there were zero unauthorized password attempts because the login was no longer available using the old UPN.

    We are currently testing to see if the new UPN has access to all their resources.

    When you log into Microsoft, you will need to log in using the new UPN #******@contoso.com. This does not affect email, and you can send and receive emails with the old username ******@contoso.com.

    You many need to revoke sessions and tokens and re-authenticate to make sure you have access to all resources and application.

    Hope this helps.

    3 people found this answer helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.