A bot or someone is CONTINUOUSLY trying to access my email account

Hello,

Thank you for your question and for reaching out with your question today.

If you believe that someone or a bot is continuously attempting to access your email account by inputting incorrect passwords, it's important to take immediate action to protect your account. Here are some steps you can take:

1. Enable two-factor authentication (2FA): Enable 2FA for your email account if you haven't already done so. This adds an extra layer of security by requiring a verification code in addition to your password when signing in. This way, even if someone has your password, they won't be able to access your account without the verification code.
2. Change your password: Update your email account password to a strong and unique one. Ensure that it's a combination of letters (upper and lower case), numbers, and special characters. Avoid using easily guessable information such as your name or birthdate. It's recommended to change your password periodically for better security.
3. Monitor your account activity: Keep a close eye on your email account activity. Check for any suspicious login attempts or unfamiliar activities. Most email providers offer a feature to view recent login activity. If you notice any unauthorized access, report it to your email service provider immediately.
4. Use a reputable antivirus software: Install and regularly update a reputable antivirus program on your devices. This can help detect and block malicious software or bots that may be attempting to access your account.
5. Be cautious of phishing attempts: Stay vigilant against phishing attempts, as they are often used to gain unauthorized access to accounts. Be wary of clicking on suspicious links or providing your account information on untrusted websites or in response to unsolicited emails.
6. Report the incident: If you have already identified specific IP addresses that are continuously attempting to access your account, report them to your email service provider's support or abuse team. They may be able to investigate the issue and take appropriate action.
7. Consider contacting law enforcement: If you believe your account is under a targeted attack or if you have suffered any financial loss or identity theft as a result of this activity, consider filing a report with your local law enforcement agency.

Remember to regularly update your security measures, keep your devices and software up to date, and remain cautious while accessing your email account and online services.

I used AI provided by ChatGPT to formulate part of this response. I have verified that the information is accurate before sharing it with you.

If the reply was helpful, please don’t forget to upvote or accept as answer.

Our company is experiencing the same issue. We have two high-level exchange accounts being bombarded by automated bot password attempts. Microsoft actively blocks them all due to malicious IP addresses or locks the accounts after too many failed attempts. This has been going on for one week with over 3000 login attempts, each attempt from a unique IP address originating from all over the world.

The only solution we have found so far is to change the UPN (User Principal Name) in the Entra ID User page. Adding a number or a # in front of the UPN will change the user login so the bot or malicious actor will receive an invalid user message and never be offered the password prompt. For example, change @contoso.com to #@contoso.com.

We tested this, and there were zero unauthorized password attempts because the login was no longer available using the old UPN.

We are currently testing to see if the new UPN has access to all their resources.

When you log into Microsoft, you will need to log in using the new UPN #******@contoso.com. This does not affect email, and you can send and receive emails with the old username ******@contoso.com.

You many need to revoke sessions and tokens and re-authenticate to make sure you have access to all resources and application.

Hope this helps.