none
Account Security Problem? RRS feed

  • Question

  • I'm getting a lot of e-mails about requesting a code for an unrecognized computer and if I did not do so to login and update my security settings. I have no idea what is causing this and what "settings" it is referring to. Can anyone explain why I'm receiving these messages and if I should be concerned?


    "Hi,

    Please use the code XXXXXXX to use your Windows Live ID from an unrecognized computer.

    If you didn't request this code, we recommend that you go to https://account.live.com and update your security information.

    Thanks,
    The Windows Live Team"

    As far as I can tell the url seems valid too. I started receiving the messages on July 1st I got 2 e-mails, on the 2nd I received 2 e-mails, then on the 7th and then today (10th). So that's 8 e-mails so far.

    Should I worry about this? What should I do?

    Tuesday, July 10, 2012 6:53 PM

Answers

  • Here's the e-mail message in full (except I redacted my personal e-mail)

    Delivered-To: redacted@gmail.com
    Received: by 10.64.138.67 with SMTP id qo3csp159173ieb;
            Tue, 10 Jul 2012 11:14:46 -0700 (PDT)
    Received: by 10.101.134.26 with SMTP id l26mr15703111ann.65.1341944085954;
            Tue, 10 Jul 2012 11:14:45 -0700 (PDT)
    Return-Path: <account-security-noreply@microsoft.com>
    Received: from servera03.blusmtpg.msn.com (servera03.blusmtp.msn.com. [65.55.238.142])
            by mx.google.com with ESMTP id b26si30110713yhe.98.2012.07.10.11.14.45;
            Tue, 10 Jul 2012 11:14:45 -0700 (PDT)
    Received-SPF: pass (google.com: domain of account-security-noreply@microsoft.com designates 65.55.238.142 as permitted sender) client-ip=65.55.238.142;
    Authentication-Results: mx.google.com; spf=pass (google.com: domain of account-security-noreply@microsoft.com designates 65.55.238.142 as permitted sender) smtp.mail=account-security-noreply@microsoft.com
    Message-Id: <4ffc7115.a64cec0a.0e2a.ffffedfeSMTPIN_ADDED@mx.google.com>
    Received: from BL2IDSTOOL1A014 ([157.55.134.16]) by servera03.blusmtpg.msn.com with Microsoft SMTPSVC(6.0.3790.4675);
    	 Tue, 10 Jul 2012 14:14:45 -0400
    Date: Tue, 10 Jul 2012 11:14:45 -0700
    From: Windows Live Team <account-security-noreply@microsoft.com>
    Subject: Your Windows Live Code
    To: <redacted@gmail.com>
    X-Priority: 3
    MIME-Version: 1.0
    Content-Type: text/plain;
    	charset="Windows-1252"
    Content-Transfer-Encoding: 8bit
    
    Hi,
    
    Please use the code 2859715  to use your Windows Live ID from an unrecognized computer.
    
    If you didn't request this code, we recommend that you go to https://account.live.com and update your security information.
    
    Thanks,
    The Windows Live Team

    It seems to come from microsoft.com and it also seems to direct me to live.com. Doesn't seem like a phishing attempt? I dunno...


    It doesn't seem to you like a phishing attempt, however, you posted here, so you obviously feel something is fishy. Why not just go logon to your windows ID as you normally do (i.e. don't use and URLs sent you via email) using the computer you normally use and change your password. Then when you go to access your windows live account from one of the unrecognized computers you have been using, see if there is any way to use the supplied code.

    Al Dunbar

    Tuesday, July 10, 2012 8:18 PM

All replies

    1. from what email address did you receive this message?
    2. was your email address in the "to:" field?
    3. was your email address the only one in the "to:" field?
    4. did the email message specify your name or the name of your account, or was it generic just as shown?
    5. was the same code always provided or did it differ from message to message?

    Try googling the phrase "we recommend that you go to https://account.live.com and update" and you will see a lot of others asking the same question. In one case, the email came from (or at least seemed to come from) account-security-noreply@microsoft.com, which makes it look legitimate.

    But what I don't get is: how are you supposed to use the code given? If MS was sending you instructions, you would think they would make it clearer, and present the information in a more professional manner.

    I get lots of spam apparently from my bank, paypal, and other companies I deal with. When the email is valid, it usually contains information that tends to validate the message (like my name); the spam usually is addressed to "Dear Customer".


    Al Dunbar

    Tuesday, July 10, 2012 7:44 PM
  • Here's the e-mail message in full (except I redacted my personal e-mail)

    Delivered-To: redacted@gmail.com
    Received: by 10.64.138.67 with SMTP id qo3csp159173ieb;
            Tue, 10 Jul 2012 11:14:46 -0700 (PDT)
    Received: by 10.101.134.26 with SMTP id l26mr15703111ann.65.1341944085954;
            Tue, 10 Jul 2012 11:14:45 -0700 (PDT)
    Return-Path: <account-security-noreply@microsoft.com>
    Received: from servera03.blusmtpg.msn.com (servera03.blusmtp.msn.com. [65.55.238.142])
            by mx.google.com with ESMTP id b26si30110713yhe.98.2012.07.10.11.14.45;
            Tue, 10 Jul 2012 11:14:45 -0700 (PDT)
    Received-SPF: pass (google.com: domain of account-security-noreply@microsoft.com designates 65.55.238.142 as permitted sender) client-ip=65.55.238.142;
    Authentication-Results: mx.google.com; spf=pass (google.com: domain of account-security-noreply@microsoft.com designates 65.55.238.142 as permitted sender) smtp.mail=account-security-noreply@microsoft.com
    Message-Id: <4ffc7115.a64cec0a.0e2a.ffffedfeSMTPIN_ADDED@mx.google.com>
    Received: from BL2IDSTOOL1A014 ([157.55.134.16]) by servera03.blusmtpg.msn.com with Microsoft SMTPSVC(6.0.3790.4675);
    	 Tue, 10 Jul 2012 14:14:45 -0400
    Date: Tue, 10 Jul 2012 11:14:45 -0700
    From: Windows Live Team <account-security-noreply@microsoft.com>
    Subject: Your Windows Live Code
    To: <redacted@gmail.com>
    X-Priority: 3
    MIME-Version: 1.0
    Content-Type: text/plain;
    	charset="Windows-1252"
    Content-Transfer-Encoding: 8bit
    
    Hi,
    
    Please use the code 2859715  to use your Windows Live ID from an unrecognized computer.
    
    If you didn't request this code, we recommend that you go to https://account.live.com and update your security information.
    
    Thanks,
    The Windows Live Team
    

    It seems to come from microsoft.com and it also seems to direct me to live.com. Doesn't seem like a phishing attempt? I dunno...

    Tuesday, July 10, 2012 7:49 PM
  • a few more points:

    • although the URL may look like https://account.live.com, the underlying URL may actually be different. examine it more closely in one of these emails to see what it actually is. If different, I would suspect this to be a phishing attack.
    • I was recently out of the country and when I logged in was presented with a challenge page where I apparently had to supply an answer to a secret question. because this was in asia, I could make no sense of the explanation, but found I could just open another window on hotmail and get into my account. There was no special code supplied as in the emails you have received.
    • If this resulted from you trying unsuccessfully to access your email account from an unrecognized computer, how could they expect you to receive their email?

    I suspect a phishing attempt. Some of the others who reported this said that they changed their password - which might not be a bad idea. I don't see how that would help, though. If the attacker already knew your password, they would not be phishing for it.


    Al Dunbar

    Tuesday, July 10, 2012 7:51 PM
  • Yeah I double checked the underlying address. I'm a software developer so I checked that carefully. What I posted was the original text of the e-mail. There was no link HTML.. it is just a plain text message. The mime-type is text/plain even.
    Tuesday, July 10, 2012 7:54 PM
  • Here's the e-mail message in full (except I redacted my personal e-mail)

    Delivered-To: redacted@gmail.com
    Received: by 10.64.138.67 with SMTP id qo3csp159173ieb;
            Tue, 10 Jul 2012 11:14:46 -0700 (PDT)
    Received: by 10.101.134.26 with SMTP id l26mr15703111ann.65.1341944085954;
            Tue, 10 Jul 2012 11:14:45 -0700 (PDT)
    Return-Path: <account-security-noreply@microsoft.com>
    Received: from servera03.blusmtpg.msn.com (servera03.blusmtp.msn.com. [65.55.238.142])
            by mx.google.com with ESMTP id b26si30110713yhe.98.2012.07.10.11.14.45;
            Tue, 10 Jul 2012 11:14:45 -0700 (PDT)
    Received-SPF: pass (google.com: domain of account-security-noreply@microsoft.com designates 65.55.238.142 as permitted sender) client-ip=65.55.238.142;
    Authentication-Results: mx.google.com; spf=pass (google.com: domain of account-security-noreply@microsoft.com designates 65.55.238.142 as permitted sender) smtp.mail=account-security-noreply@microsoft.com
    Message-Id: <4ffc7115.a64cec0a.0e2a.ffffedfeSMTPIN_ADDED@mx.google.com>
    Received: from BL2IDSTOOL1A014 ([157.55.134.16]) by servera03.blusmtpg.msn.com with Microsoft SMTPSVC(6.0.3790.4675);
    	 Tue, 10 Jul 2012 14:14:45 -0400
    Date: Tue, 10 Jul 2012 11:14:45 -0700
    From: Windows Live Team <account-security-noreply@microsoft.com>
    Subject: Your Windows Live Code
    To: <redacted@gmail.com>
    X-Priority: 3
    MIME-Version: 1.0
    Content-Type: text/plain;
    	charset="Windows-1252"
    Content-Transfer-Encoding: 8bit
    
    Hi,
    
    Please use the code 2859715  to use your Windows Live ID from an unrecognized computer.
    
    If you didn't request this code, we recommend that you go to https://account.live.com and update your security information.
    
    Thanks,
    The Windows Live Team

    It seems to come from microsoft.com and it also seems to direct me to live.com. Doesn't seem like a phishing attempt? I dunno...


    It doesn't seem to you like a phishing attempt, however, you posted here, so you obviously feel something is fishy. Why not just go logon to your windows ID as you normally do (i.e. don't use and URLs sent you via email) using the computer you normally use and change your password. Then when you go to access your windows live account from one of the unrecognized computers you have been using, see if there is any way to use the supplied code.

    Al Dunbar

    Tuesday, July 10, 2012 8:18 PM