Are the Microsoft 'single-use code' emails legit?
Fraudsters are attempting to log into Microsoft users' accounts - here’s what to do if you receive one of these 'single-use code' emails.
Emails from Microsoft containing a 6-digit code are leaving recipients puzzled. These emails are genuine, but scammers are ultimately behind it all. This is likely to be a brute force attack by fraudsters who are attempting to access accounts by trying multiple passwords, sometimes with the help of automated software to scale their attack.
If you're worried about receiving a Microsoft single-use code that you didn't request and want to know what to do next, read on.
Sign up for scam alerts
Our emails will alert you to scams doing the rounds, and provide practical advice to keep you one step ahead of fraudsters.
Sign up for scam alerts
Microsoft single-use code’ email
The email is titled 'Your single-use code' and appears to be from Microsoft. It then tells you: ‘We received your request for a single-use code to use with your Microsoft account.’
It goes on to give you a 6-digit code and a message to only enter the code on an official website or app, not to share it with anyone and a reminder that Microsoft will never ask for it outside an official platform.
These codes can be genuinely requested by Microsoft account holders who need to verify their identity and gain access to their accounts, such as when logging in from a new device or location. If you receive this email and you didn't request the code, it's because someone is attempting to access your account, and we think it's wise that you take steps to secure it.
We inspected the account activity of one recipient of the Microsoft ‘single-use code’ email and saw several login attempts from all over the world, including the US, Turkey, Greece, Russia and Brazil. Luckily, all attempts were unsuccessful and their account was still secure, but we advised them to change their password to be on the safe side.
- Read more: how to create strong and secure passwords
How scammers get your data
There are lots of ways a fraudster can access your personal information, such as email addresses and passwords.
Emails, texts and dodgy adverts online embedded with phishing links can steal your data by impersonating brands and asking you to enter your personal information on the phishing website. These messages can also contain links that download malware to your device and steal your information that way.
Scam callers impersonating companies and authorities will almost always ask you for your personal information at some point, so this is another way for fraudsters to steal your information.
Data breaches, where hackers have gained access to large amounts of personal data, such as by hacking into an organisation’s database, are also opportunities for scammers to gain your information.
Protecting your account
Creating strong passwords helps to prevent fraudsters from hacking into your email account. Avoid reusing passwords and don't use any personal information in a password. Using a password manager can help you create and organise secure passwords.
Setting up two-factor authentication also helps to protect your account from attacks. This is when you set up another way of verifying your identity when logging into an account. So if you log in from a new phone, tablet or computer, or from a new location, you’re sent a code via email or text to confirm that it’s you attempting to log in.
Microsoft users can check their account activity to see any unauthorised login attempts by signing into their accounts here.
You can check if your email address has been compromised at Have I Been Pwned.
Sign up for scam alerts
Our emails will alert you to scams doing the rounds, and provide practical advice to keep you one step ahead of fraudsters.
Sign up for scam alerts
