Unknown email mentioned for sending Code when logging in to Microsoft Account Services

Question

When logging into Microsoft Account services, I noted an email that I could not recognise.

It said "Send a code to gb****@epatra.com.

Clearly somewhere my security services have been compromised. Whilst I am able to login without any issue, I need to remove this reference and put down my correct email address.

How do I go about finding this reference within my account?

Answer 1

My apologies as I noticed you rated my answer as unhelpful here, and I want to make sure I answered your question completely and accurately. Is there anything else I can help you with?

Answer 2

Hello, good day and thanks for your question. To add to the above, please check out the additional information for this.

Check Recent Sign-in Activity

• Open https://account.microsoft.com/security from a browser.
• Click Review recent activity and from there you will see if the activity that happened on your account.
• If you seen anything suspicious, click Secure your account from that page and go through from there.

Check Your Authenticator App

(Microsoft Authenticator cannot easily be compromised or be broken into)

• Check if your phone itself was compromised (this happens when it is rooted or unlocked).
• There is also a possibility that you might have approved a fake login prompt (via phishing).

(To check the Microsoft Authenticator)

• Open the app.
• Go to settings > Account backup.
• Check if backup is enabled (and which account it’s tied up to and this should be your account if this is enabled).
• You may also check if Device registration is enabled under the account name and this will show that it is linked to your device.

Review and Change Saved Passwords

• Open https://account.microsoft.com/credentials from a browser.
• Look under Saved passwords in the event that you are using Microsoft Edge Sync.
• Check for any strange entries or logins.
• If you’re using another password manager, you may check from there as well.
• Another option is to run a leak check from https://haveibeenpwned.com/

Change Passwords Immediately

• Change your Microsoft account password.
• Any email accounts that you are using for recovery.
• Any critical services that you are using for banking, password managers, work, etc.
• It is important to use a new, unique password, hard to guess and update your 2FA settings as needed.

Revoke Trusted Devices & App Sessions

• Open https://account.microsoft.com/devices from a browser.
• Remove any unknown devices and click each device and choose Remove or Sign out.
• Also, open https://account.live.com/proofs/manage.
• Under Security info, remove any unknown or old phone numbers, emails, or devices.
• Add or redo the authenticator instance by deleting and re-adding the app.

---

Note: This is a non-Microsoft website. The page appears to be providing accurate, safe information. Watch out for ads on the site that may advertise products frequently classified as a PUP (Potentially Unwanted Products). Thoroughly research any product advertised on the site before you decide to download and install it.

---

Answer 3

The unrecognized email is most likely listed as security info (an alternate email) on the Microsoft account and must be removed from the account’s security/alias settings.

To remove it and add the correct email:

1. Confirm the account being used
   • When signing in, make sure the correct Microsoft account address and domain are used (for example, .com vs .co.uk) and that the name is typed correctly (for example, rachel vs rachael). If the address is correct but the unknown email still appears, proceed to the next steps.
2. Review and remove unrecognized security info
   • Sign in to the Microsoft account security pages and review the phone numbers and email addresses listed as security info.
   • If an email like gb****@epatra.com appears and is not recognized, remove it from the security info list.
   • If unable to sign in because only unrecognized info is offered, use the I don't have any of these option (where available) and follow the prompts to recover the account and update security info.
3. Check aliases and verification destinations
   • Go to the Microsoft account profile/Your info page (for example, via the Edit account info link at https://account.live.com/names/manage).
   • Under aliases, review all email addresses and phone numbers associated with the account.
   • Remove any alias or verification email address that is not recognized.
   • Verification codes sent by email can only go to the primary alias or another email added as a way to verify sign-in, so ensure only trusted addresses remain.
4. If the account cannot be corrected
   • If the unrecognized email cannot be removed because access is blocked or recovery fails, use the account recovery process to regain control and then remove the unknown email.

If there is any sign that someone else has accessed the account (for example, unknown security info added), review recent activity and secure the account by changing the password and confirming only trusted security info is present.

---

References:

• Common problems with two-step verification for a work or school account
• Change the email address or phone number for your Microsoft account
• What happens if there's an unusual sign-in to your account
• Troubleshoot Microsoft verification code issues