![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 13%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAC%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation
Those messages are likely legitimate Microsoft security texts or emails indicating that someone is trying to sign in to the account and requesting verification codes, even though the requests were not initiated by the account owner.
Take these steps immediately:
- Do not use or share the codes
- Do not reply to the messages or share the codes with anyone.
- Treat every code as sensitive; if someone is asking for it, assume it is an attempt to access the account.
- Secure the Microsoft account
- Go to https://account.microsoft.com or https://account.live.com by typing the address directly into the browser (do not use links in messages).
- Change the account password to a strong, unique one.
- Review and update security info (phone numbers, alternate emails) on the Security basics page to ensure only trusted contact methods are listed.
- Check for unusual sign-in activity
- Review the Recent activity page for unfamiliar sign-ins or security changes and mark any that were not performed by the account owner.
- If there is any sign-in from an unknown device or location, follow the guidance there to secure the account.
- Understand why these messages appear
- Microsoft sends verification codes and alerts when:
- Someone tries to sign in from a new device or location.
- A feature requiring identity verification is used.
- If a verification code is received that was not requested, it may mean:
- Someone is trying to access the account, or
- Someone mistyped their phone/email when signing in.
- Microsoft sends verification codes and alerts when:
- Be cautious with all messages
- Genuine Microsoft account security emails come from domains such as @accountprotection.microsoft.com, including addresses like ******@accountprotection.microsoft.com.
- Genuine Microsoft security texts may come from short code 69525 or the sender “Microsoft”. The short code itself is not the verification code.
- Genuine links in Microsoft security texts start with aka.ms. If unsure, do not click any link; instead, go directly to https://account.microsoft.com or https://account.live.com in the browser.
- If messages continue
- Continue to ignore the codes and keep the account secured with a strong password and updated security info.
- Consider enabling two-step verification so that even if someone knows the password, they cannot sign in without the second factor.
If there is any sign that the account was actually accessed (password changed, messages sent, settings altered), follow the full guidance for a hacked or compromised Microsoft account and complete the account recovery process if needed.
References: