r/hotmail



Why would MS require a password reset when no one successfully signed in?

As the holder of a multiple decades old email address, plenty of bots and sweatshops are trying to sign into my uniquely passworded account due to that email being credentials for other accounts.

MS told me my account required a password reset. I thought maybe I goofed up and let my email client on a weird VPN location and MS flagged it (has happened before and I had to verify all my MS accounts), but only two accounts got flagged for a reset.

So I thought maybe someone did manage to get into my account somehow.

So I sign in on live.com, go through the prompts to verify identity, and I set a new password. Then I look at the successful sign in activity. Oddly my email client is not recorded on there, as I know it had successful syncs, so I can't rule out that that one being a weird location didn't trigger it. But all the activity until I signed in on my browser says unsuccessful login or for one section of automatic sync, a dozen or more ip6 addresses from around the world were all recorded as unsuccessful sync.

Any idea how to trace the client syncs? I can't recall if I am set up with IMAP or POP, but by this morning my client did get locked out of the 2 MS accounts approximately 40 minutes after I saw the emails, and it tries to sync every hour, so I would have expected those to be on the log even as unsuccessful attempts...

u/hey_Mom_watch_this

how about stopping the unsuccessful sign in attempts from unfamiliar devices and locations entirely?

you can create an additional email alias, make it your primary alias and then make it the only alias enabled for signing in,

then when one of these hacker goobers tries to sign in to your account they're told there isn't an account associated with your original email address: https://imgur.com/a/WRD231F

I got the trick from a Microsoft MVP on their Community forum and since implementing it with both my old Hotmail accounts I've not had one unfamiliar sign in or sync attempt, 6 months now,

this is the procedure:

"these sign in attempts are hackers, your email has got into the public domain, likely from a data breach, you can check it here: https://haveibeenpwned.com/

but you can hide your email address from sign in.

if you go to Microsoft account, info tab, edit account info, (you'll likely be asked to verify your identity with a security code at this point, sent to you by email or text,)

now you are at "Manage how you sign in to Microsoft"

under "Account Aliases" is your primary email address, under that is "add email address" click on that and create a new, additional email address/alias, it'll be an outlook.com address,

once you've created this new email address it'll appear under your original email address, make the new address the primary address, DO NOT "REMOVE" THE ORIGINAL ADDRESS !!! you'll need to retain this, it's linked to the account settings, contents and the ability to continue sending and receiving with that original address, you're just making the new alias the primary alias,

then go to "Change sign in preferences" here you'll see your original email address and also the new one you've just created, tick the box to enable the new alias for sign in, then untick the original email address to disable sign in.

now the only identity that can be used to sign in to your account is this new email address, the password will be whatever you'd been using, if you never use this email address to send mail or give it out as a contact then no one will ever have it to start signing into your account,

if a hacker tries to sign in using your original address it will appear that account no longer exists, all the unsuccessful sign in attempts from unfamiliar devices and locations should cease immediately,

https://imgur.com/a/WRD231F

you will still be able to send and receive from your original address and the mailbox contents, settings, verification methods and passwords will not be changed, all that's different is you have to use this new email address for signing in.

here's the Microsoft article on Aliases, have a read before proceeding:

https://support.microsoft.com/en-us/office/add-or-remove-an-email-alias-in-outlook-com-459b1989-356d-40fa-a689-8f285b13f1f2

I did this with both my Hotmail accounts back in December and I've not had one sign in attempt from an unfamiliar device or location since."

u/Exaskryz

Interesting, I didn't realize a subsequently created alias could become the sign in.

My only concern is email clients. Between Thunderbird and FairEmail, I am worried how they could have the right address associated. The new alias I'll have no interest in, but that new alias would be the login credentials...
