Background
This morning received an interesting email.
Email Body
Image
Text
Microsoft account un-usual sign-in activity.
| Microsoft account | ||||
| Unusual sign-in activity | ||||
| We detected something unusual about a recent sign-in to the Microsoft account daniel@hotmail.com. | ||||
| Sign-in details | ||||
| Country/region: United States | ||||
| IP address: 23.81.119.11 | ||||
| Date: Sat, 13 Nov 2021 03:44:08 +0000 (GMT) | ||||
| Platform: Windows | ||||
| Browser: Microsoft Edge | ||||
| Please go to your recent activity page to let us know whether or not this was you. If this wasn’t you, we’ll help you secure your account. If this was you, we’ll trust similar activity in the future. | ||||
|
To opt out or change where you receive security notifications, click here. Thanks, The Microsoft account team
TroubleShooting
I looked at the email a couple of times wondering if it was real.
Outline
Here are the steps I took to verify its authenticity:-
- Source
- Email Address
- Know Thyself
- Email Account
- Recent Activity
Source
Email Address
The email is purportedly is from Microsoft.
Yet, its reply address reads microsoft.unusual.sign@realstart-upservices.net.
Know Thyself
Family, know thyself.
Know and understand your own security posture.
Outline
- Changed Passwords
- Two Factor Authentication
- Opted Out of Saved Passwords
Changed Passwords
On Veterans’ day morning, I could not sleep.
Wasted my insomnia on changing my passwords across the board.
Two Factor Authentication
I have two-factor authentication enabled on my email accounts.
Saved Passwords
I am increasingly saying No when my browsers ask if I want to save a password.
Email Account
Know the condition on the ground.
Outline
- Recent Activity
Recent Activity
Please review the recent activity on your email account.
For Hotmail, please go here https://account.live.com/Activity ( Link )
Image
Textual
- Less than 1 minute ago
- Yesterday 6:30 PM
Explanation
Hotmail has my most recent activity listed as a minute ago.
That was me accessing the recent activity page.
Prior to that was a failed access login at 6:30 PM from the previous day.
My email provider’s actual logged activity does not line up with the email I received.
Who do I believe, a co-opted email address or my provider’s actual listing.
Summary
Remember Andrew Grove.
Andrew Grove says “Only the Paranoid Survive“.
When it comes to your computer security, please responsibly follow that motem.
It is best not to normalize reactive responses.
So please plan and implement ahead.
When prompted, please take the time to review the activities.
Determine the prompting’s veracity.
Learning in the Open 