Unauthorized login attempt

Question

Dear team,

Someone is repeatedly trying to access my account. I originally thought this was happening because I was 'passwordless' (where only an email is needed to trigger a prompt), but I have since re-enabled password security. Despite this, I’m still getting authenticator hits. How is it possible for the app to request approval if the attacker hasn't bypassed the password stage yet?

Answer 1

I'm sorry to hear that you're experiencing this issue. Login attempts typically occur when your email address has been leaked on the dark web. As long as these attempts are unsuccessful, your account remains safe. To prevent this, create a new alias for your account and set it as the primary. Then, configure your account settings to require sign-in only with this new identifier.

1. Log in to your Outlook email account: Outlook.com or https://account.live.com
2. Under your profile photo, click on "My Microsoft account."
3. On the new page, click "Your info" and locate the "Account info" section.
4. Click "Sign-in preferences" and, under "Account aliases," add a new email address or phone number that is not publicly known.
5. Ensure it’s a valid and accessible contact.
6. After adding, select "Make primary" to set this new email or phone number as your primary sign-in.
7. Scroll to "Change sign-in preferences," uncheck your current Outlook email address, and check the box for your new login method.

Important: DO NOT delete the current/old email address

This will keep your email account active for sending and receiving messages while preventing login attempts.

---

As an additional security measure, please see “How to help keep your Microsoft account secure.”: https://support.microsoft.com/account-billing/how-to-help-keep-your-microsoft-account-secure-628538c2-7006-33bb-5ef4-c917657362b9

Answer 2

How do I contact Microsoft support for this ?

Answer 3

I already reset my password, have 2FA enabled and ran antivirus scan. I am still getting these requests.

Answer 4

It sounds like your account is experiencing unauthorized access attempts, and the fact that you are receiving authenticator prompts despite re-enabling password security indicates that the attacker may have access to your authentication methods. Here are a few possibilities:

1. Compromised Authenticator App: If the attacker has access to your device or the authenticator app itself, they could be generating the approval requests without needing to bypass the password stage.
2. Phishing or Social Engineering: The attacker may have obtained your credentials through phishing or social engineering tactics, allowing them to initiate login attempts that trigger the authenticator prompts.
3. Multiple Authentication Methods: If you have multiple authentication methods set up (like backup codes or linked devices), the attacker might be exploiting these to gain access.

To enhance your security, consider the following steps:

• Change Your Password: Immediately change your password to a strong, unique one.
• Review Account Activity: Check for any unauthorized changes or linked accounts.
• Enable Two-Factor Authentication (2FA): Ensure that 2FA is enabled and review your security settings.
• Secure Your Devices: Run antivirus scans on your devices to check for malware that could compromise your accounts.
• Inform Contacts: If you suspect your account has been compromised, inform your contacts to prevent them from falling victim to potential phishing attempts.

If the issue persists, you may need to contact Microsoft Support for further assistance.

---

References:

• Enable passwordless sign-in with Authenticator
• Authentication methods in Microsoft Entra ID - Microsoft Authenticator app