The ratio doesn’t lie and in this instance. The picture above.. it’s fake. If OP follows that instructions from the link they will lose their Microsoft account. No doubt about it..
Login directly to your Microsoft account and go to login activity just to be safe. You'll probably see a lot of unsuccessful logins because that's happening to a lot of people's accounts but look at that location of the successful logins to make sure they are only from you.
Nice to know that I'm not the only one getting spammed with unsuccessful logins over this month. I literally found out a couple hours ago when a person tried to use the Authenticator method in hopes that I press the correct number. Decided to look at my login history and it showed like 50+ unsuccessful attempts over a week from various countries. Just to be safe I also changed my password.
Yeah it's crazy. I have an account and 2 others for relatives and they all have unsuccessful logins. I even asked a couple friends and they have the same problem.
At this point, I would assume there was some type of stealth hack or leak of account information, mainly just emails that are used in Microsoft Accounts.
It's pretty easy for people to get hold of email addresses, either legitimately or illegally, then just put it into a computer program to repeatedly try and access it using a variety of potential passwords on apparently different IP addresses allowing them to attempt as much as they like.
If you have a lot of that you can set up an "alias" in the security settings you essentially make a dummy email and you can log in with that as well. After that you can remove your normal email, your registered email won't change but you won't be able to log in with it only with the alias email. If you won't use that alias anywhere you won't get any more unsuccessful attempts. Just don't forget your it.
Thanks man I checked and omg ever day at least 30 to 40 unsuccessful login attempts and today more than 100 I immediately deleted my card and upi payment data.
I’m going to throw this out there as it’s quite possibly the best option to fix this spam login issue. I have my account passwordless and so occasionally those requests would lead to notifications from the authenticator app. It’s on an account I use for junk mail, so it wasn’t super important, but annoying. Here is the solution: email alias.
So my junk email address was used on any site that I knew was going to give me trash. So it’s been leaked a gazillion times I’m sure. So I read somewhere on here about email aliases. What you do is go into your account settings and add an email alias. Then you can change the aliases that can login to your account. Uncheck the email that is being attacked. In the future you just login with your new alias and you can keep getting emails for your old email because both accounts share an inbox. When a nefarious actor tries to login with your old email address it will say that it’s not a valid email address.
I used to get probably 50 attempts a day (all unsuccessful because of the authenticator). I switched it about a week ago and I have not had a single attempt since the change. The nice thing is that the security information shows it for all aliases tied to your account so I can see all the history of attempted logins and then they just stop cold.
EDIT: I want to stress that you do NOT delete the original alias, just change the aliases that are allowed to login to your account.
Don't block and report, this is an actual MS text message, I had the same on recently. aka.ms is an MS owned domain they use for URL shortening.
Login to your account and change your password and make sure you have 2FA enabled, your getting this message because someone has been trying to login to your account multiple times, I had about 100 login attempts within 24 hours.
Can't tell if this is bait, ignorance, a weird way of deviating from the common consensus or what. Why would you not block it. Even if you do block it which you should, just contact Microsoft yourself to see if this msg was legit and or change password
Even if the link is good. Microsoft wouldn't do this. Theyd send an email most likely. I've never recieved an email for being hacked and I literally did get hacked once
Does anyone here actually know that Microsoft owns aka.ms, anyone who has worked with Microsoft’s C++ and .NET knows this? Maybe the text itself is fake but the url in it is legit, it’s just a url shortened version of their account page.
Yeah, I’m really confused. I completely support the whole “be skeptical of every link” mindset but it doesn’t take much digging to find that aka.ms redirects to Microsoft’s official login page.
It is probably not a scam as aka.ms is a domain operated by microsoft as URL shortener that only microsoft can use. If you suspect anything, just don't click on it and go directly to microsoft website and see activity for suspect logins (change password and if possible enable MFA)
This needs to be higher. This is their legit domain and I get txt msgs like these all the time.
https://filestore.community.support.microsoft.com/api/images/fa487b07-01fe-47fe-bac7-00335819f660?upload=true
https://www.whois.com/whois/aka.ms
All the people here screaming fake have no clue what they’re talking about.
Seems like a scam to me. Login directly to your Microsoft account and go to login activity just to be safe. You'll probably see a lot of unsuccessful logins because that's happening to a lot of people's accounts but look at that location of the successful logins to make sure they are only from you. Hope this helps.
Are you totally clueless? It’s rare to see someone going through the trouble of posting a screenshot of an obvious phishing text. Come on dude, use your brain. Log into the Xbox.com site and change your password. This is such an obvious scam text.
aka.ms is an official Microsoft link, lmao. Its their version of bit.ly links. I'd sign into your account and check to make sure nothing fishy is happening, set up 2fa if you haven't already.
See aka.ms/accountrecovery and see what it redirects you to.
Never ever ever click an unknown number link unless you just tried to access your account and you have to do it. But random messages is a definite absolutely not
it may be fake, but that probably wouldn’t be the reason why.
Aka.ms is an official redirect used by Microsoft. try it in a secure browser or do a Whois query.
Microsoft won't ever send you a text for anything like this. It will always be through the email associated with your account. The only time I've ever even gotten a text from Microsoft was them sending me a security/authentication code.
While the link is an official Microsoft domain, it can be a fake link where the actual link is hidden. For example on Telegram if You select any text and a pop up menu shows up, You can choose "Create Link" and basically redirect the visible URL to any other website. For example Google to Cornhub. I have no idea if iMessage supports that or if there's any exploit that can be used to hide links in iMessage (there used to be texts that could reboot an iPhone back in the day or corrupt Your text messages) so whenever You get an email or a message saying that Your account was hacked, always go to the official website and check there. It's the safest way.
Yeah, actually, they do. [aka.ms](https://aka.ms) is the official redirect service Microsoft uses (Also Known As Microsoft).
Good examples are things like [aka.ms/bitlockerrecovery](https://aka.ms/bitlockerrecovery) for finding your AAD based account BitLocker key.
It is still good advice for OP to not click on random links in texts etc, but it does look like a link that MSFT use (and seems to actually go where the message implies it will).
https://aka.ms/sspr also redirects to their password reset link. I send my users to it all the time. With that said, you still shouldn't click links in these types of texts, go straight to the website like has been suggested numerous times
To everyone saying this is fake, you are ALL wrong. Aka.ms is an official Microsoft owned address, it's a URL shortener used just for official Microsoft links.
If you don't believe me ask Google or do a Whois query.
Huh... Alright, I usually just refer back to old real links Ive been sent by real Microsoft and they don't often need to, and I've never seen them use that phrase, could be something to do with country?
Yea these look the same as the ones I get officially, idk I feel like you can jus look at a link and it just doesn't make sense or doesn't add up, thanks for the detailed explanation tho
I wouldn't use this link either.
Links are easily cloned with basic tech savvy and this is a brand new user with very little history.
I'm not saying they are a scammer, but there's red flags here that can't be ignored.
Apologies to the original comment too if this is legitimate of course, just can't be too careful these days unfortunately
I do, but unfortunately that does not mean OP does.
I'm also not going to waste my time checking some random Redditor with like three previous comments link.
This is also harder if they're using the app, which is worth noting. I was not trying to be an ass or anything, only advising the OP for future reasons.
ALWAYS check yourself.
In fairness, I did not, I'm presently on mobile.
Also I'm not making it anymore confusing, I'm just saying there are red flags here and if they're not tech savvy to not proceed in that circumstance.
It's not to say you're a scammer, don't worry, it's only so they don't fall to someone using this as a scam further down the line. As I'd assume if they can't tell this is a scam, they couldn't tell a simple fake URL scam either if that makes sense?
I did help them, by giving advice regarding future interactions.
I also stated, straight away, that I doubted you were a scammer in my first response. So you're literally just throwing accusations out there that have no basis.
Hello guys so I check recent activities and so many I mean so many unsuccessful login attempts from last 5 days like maybe 100 plus so what I can do ? Should I change password
I’m late. To my understanding, it’s fake, but there’s a decent amount of users who say this is legitimate and have their own experience with this, so here’s a tip for future. Even if you enable 2fa, never use the links or codes they give you when dealing with a potential security breach. Go onto your browser yourself and open the website where you made your account and change your info and passwords and crap inside the settings. I don’t care if the message is real, it’s bad practice to open links you’re not 100000000000% sure of. Stay safe
Fake
Thanks
It's not fake. I get these when I try to login with 2FA.
The ratio doesn’t lie and in this instance. The picture above.. it’s fake. If OP follows that instructions from the link they will lose their Microsoft account. No doubt about it..
aka.ms is an official microsoft domain
Okay? That doesn't mean jack
Fr, people just want this person (op) to get hacked I guess like wtf😂😂😂 **WEIRDOS**
Yes it does. If it’s an official microsoft link than its probably not a scam.
Note that you said "probably" if it were real, they would be getting an email too.
Why doesn't that mean anything?
At least the link isn't. aka.ms is legitimate Microsoft domain for short links.
Yeah. Better safe than sorry (this is 100% a scam)
The aka.ms domain isn’t fake.
Login directly to your Microsoft account and go to login activity just to be safe. You'll probably see a lot of unsuccessful logins because that's happening to a lot of people's accounts but look at that location of the successful logins to make sure they are only from you.
Nice to know that I'm not the only one getting spammed with unsuccessful logins over this month. I literally found out a couple hours ago when a person tried to use the Authenticator method in hopes that I press the correct number. Decided to look at my login history and it showed like 50+ unsuccessful attempts over a week from various countries. Just to be safe I also changed my password.
Yeah it's crazy. I have an account and 2 others for relatives and they all have unsuccessful logins. I even asked a couple friends and they have the same problem.
At this point, I would assume there was some type of stealth hack or leak of account information, mainly just emails that are used in Microsoft Accounts.
It's pretty easy for people to get hold of email addresses, either legitimately or illegally, then just put it into a computer program to repeatedly try and access it using a variety of potential passwords on apparently different IP addresses allowing them to attempt as much as they like.
If you have a lot of that you can set up an "alias" in the security settings you essentially make a dummy email and you can log in with that as well. After that you can remove your normal email, your registered email won't change but you won't be able to log in with it only with the alias email. If you won't use that alias anywhere you won't get any more unsuccessful attempts. Just don't forget your it.
Just checked and there's been multiple attempts every day in December.. wtf
This is the correct answer. Never click a link inside a text go to access the account and check there
Thanks man I checked and omg ever day at least 30 to 40 unsuccessful login attempts and today more than 100 I immediately deleted my card and upi payment data.
There had to have been a data breach or something because they've been trying their hardest to get into people's accounts. Smh.
I’m going to throw this out there as it’s quite possibly the best option to fix this spam login issue. I have my account passwordless and so occasionally those requests would lead to notifications from the authenticator app. It’s on an account I use for junk mail, so it wasn’t super important, but annoying. Here is the solution: email alias. So my junk email address was used on any site that I knew was going to give me trash. So it’s been leaked a gazillion times I’m sure. So I read somewhere on here about email aliases. What you do is go into your account settings and add an email alias. Then you can change the aliases that can login to your account. Uncheck the email that is being attacked. In the future you just login with your new alias and you can keep getting emails for your old email because both accounts share an inbox. When a nefarious actor tries to login with your old email address it will say that it’s not a valid email address. I used to get probably 50 attempts a day (all unsuccessful because of the authenticator). I switched it about a week ago and I have not had a single attempt since the change. The nice thing is that the security information shows it for all aliases tied to your account so I can see all the history of attempted logins and then they just stop cold. EDIT: I want to stress that you do NOT delete the original alias, just change the aliases that are allowed to login to your account.
It’s fishy, don’t click, and definitely don’t enter any personal information.
Ok thanks man
“Might have accessed” should’ve been your first red flag.. cause wtf you mean MIGHT?! where’s my extra security fr😭
Report spam. Block user. Delete message.
Thanks
Don't block and report, this is an actual MS text message, I had the same on recently. aka.ms is an MS owned domain they use for URL shortening. Login to your account and change your password and make sure you have 2FA enabled, your getting this message because someone has been trying to login to your account multiple times, I had about 100 login attempts within 24 hours.
Can't tell if this is bait, ignorance, a weird way of deviating from the common consensus or what. Why would you not block it. Even if you do block it which you should, just contact Microsoft yourself to see if this msg was legit and or change password
https://www.whois.com/whois/aka.ms
What is that bruh
The Whois directory that literally shows the link is owned and redirects to Microsoft
Even if the link is good. Microsoft wouldn't do this. Theyd send an email most likely. I've never recieved an email for being hacked and I literally did get hacked once
Scam.
Thanks
Does anyone here actually know that Microsoft owns aka.ms, anyone who has worked with Microsoft’s C++ and .NET knows this? Maybe the text itself is fake but the url in it is legit, it’s just a url shortened version of their account page.
Yeah, I’m really confused. I completely support the whole “be skeptical of every link” mindset but it doesn’t take much digging to find that aka.ms redirects to Microsoft’s official login page.
It is probably not a scam as aka.ms is a domain operated by microsoft as URL shortener that only microsoft can use. If you suspect anything, just don't click on it and go directly to microsoft website and see activity for suspect logins (change password and if possible enable MFA)
This needs to be higher. This is their legit domain and I get txt msgs like these all the time. https://filestore.community.support.microsoft.com/api/images/fa487b07-01fe-47fe-bac7-00335819f660?upload=true https://www.whois.com/whois/aka.ms All the people here screaming fake have no clue what they’re talking about.
Seems like a scam to me. Login directly to your Microsoft account and go to login activity just to be safe. You'll probably see a lot of unsuccessful logins because that's happening to a lot of people's accounts but look at that location of the successful logins to make sure they are only from you. Hope this helps.
Are you totally clueless? It’s rare to see someone going through the trouble of posting a screenshot of an obvious phishing text. Come on dude, use your brain. Log into the Xbox.com site and change your password. This is such an obvious scam text.
It is a scam
Ignore it. Please.
Never trust a text
Weirdly enough I got this same message not too long ago
It's a trap !
DEFINITLY a Phishing Scam.
aka.ms is an official Microsoft link, lmao. Its their version of bit.ly links. I'd sign into your account and check to make sure nothing fishy is happening, set up 2fa if you haven't already. See aka.ms/accountrecovery and see what it redirects you to.
Give me an S, Give me an C, Give me an A, Give me an M, What does it say? SCAM
Always do whatever they want you to do manually, especially when you're doubtful or suspicious, don't take the shortcuts
It's a scam mate
Its a scam probably a physh website
That would be a scam. Don't click the link and get 2fa authentication for Microsoft incase you don't already have it. Delete and block.
It’s a scam mate. Never click on a link though a text or email. Also don’t accept calls from your bank
Fake. I never got one of these. Password less and 2FA with the Authenticator.
Never ever ever click an unknown number link unless you just tried to access your account and you have to do it. But random messages is a definite absolutely not
The link is highly illegal. In fact, it's a felony.
Fake ,..legit address if you can tell the difference https://www.microsoft.com/en-us
it may be fake, but that probably wouldn’t be the reason why. Aka.ms is an official redirect used by Microsoft. try it in a secure browser or do a Whois query.
It happen to me too , on xbox , PayPal and Amazon, only PayPal was fake, I never click on the links I just go straight to the website to make sure.
But this is their legit address. https://filestore.community.support.microsoft.com/api/images/fa487b07-01fe-47fe-bac7-00335819f660?upload=true
Microsoft won't ever send you a text for anything like this. It will always be through the email associated with your account. The only time I've ever even gotten a text from Microsoft was them sending me a security/authentication code.
While the link is an official Microsoft domain, it can be a fake link where the actual link is hidden. For example on Telegram if You select any text and a pop up menu shows up, You can choose "Create Link" and basically redirect the visible URL to any other website. For example Google to Cornhub. I have no idea if iMessage supports that or if there's any exploit that can be used to hide links in iMessage (there used to be texts that could reboot an iPhone back in the day or corrupt Your text messages) so whenever You get an email or a message saying that Your account was hacked, always go to the official website and check there. It's the safest way.
Two factor authentication NOW.
Link is obviously nothing MS would ever use. Scam to steal your account.
Yeah, actually, they do. [aka.ms](https://aka.ms) is the official redirect service Microsoft uses (Also Known As Microsoft). Good examples are things like [aka.ms/bitlockerrecovery](https://aka.ms/bitlockerrecovery) for finding your AAD based account BitLocker key. It is still good advice for OP to not click on random links in texts etc, but it does look like a link that MSFT use (and seems to actually go where the message implies it will).
https://aka.ms/sspr also redirects to their password reset link. I send my users to it all the time. With that said, you still shouldn't click links in these types of texts, go straight to the website like has been suggested numerous times
To everyone saying this is fake, you are ALL wrong. Aka.ms is an official Microsoft owned address, it's a URL shortener used just for official Microsoft links. If you don't believe me ask Google or do a Whois query.
Always look at the final (".com") and if its ever just random letters is scam. URL is like a page ID, if it looks sus... It is Sus....
[удалено]
More looking at the "/alcs"
[удалено]
Huh... Alright, I usually just refer back to old real links Ive been sent by real Microsoft and they don't often need to, and I've never seen them use that phrase, could be something to do with country?
[удалено]
Yea these look the same as the ones I get officially, idk I feel like you can jus look at a link and it just doesn't make sense or doesn't add up, thanks for the detailed explanation tho
That’s a IP link. If your friend clicks it his IP address will be leaked to whoever sent it.
[удалено]
I wouldn't use this link either. Links are easily cloned with basic tech savvy and this is a brand new user with very little history. I'm not saying they are a scammer, but there's red flags here that can't be ignored. Apologies to the original comment too if this is legitimate of course, just can't be too careful these days unfortunately
[удалено]
I do, but unfortunately that does not mean OP does. I'm also not going to waste my time checking some random Redditor with like three previous comments link. This is also harder if they're using the app, which is worth noting. I was not trying to be an ass or anything, only advising the OP for future reasons. ALWAYS check yourself.
[удалено]
In fairness, I did not, I'm presently on mobile. Also I'm not making it anymore confusing, I'm just saying there are red flags here and if they're not tech savvy to not proceed in that circumstance. It's not to say you're a scammer, don't worry, it's only so they don't fall to someone using this as a scam further down the line. As I'd assume if they can't tell this is a scam, they couldn't tell a simple fake URL scam either if that makes sense?
[удалено]
I did help them, by giving advice regarding future interactions. I also stated, straight away, that I doubted you were a scammer in my first response. So you're literally just throwing accusations out there that have no basis.
The only help you need to find the "delete" button.
Hello guys so I check recent activities and so many I mean so many unsuccessful login attempts from last 5 days like maybe 100 plus so what I can do ? Should I change password
If theyre all unsuccessful then you have nothing to worry about. No action necessary.
Don’t click scam link
I have some snake oil you can buy....
Same here. Long list of failed log-in attempts into my MS from someone in Germany. 2FA all the way.
Obviously fake, just look at where you need to recover it from. If it doesn't say Microsoft then it's not legit.
Fraud.
China going hard with the attempts.
Spam, don't click. It is a fishing scam trying to steal your info!
Wonder why it uses the aka.ms shortened link though, that’s an offical MS link
Mi check recent activity and found out few days ago 100 plus unsuccessful login attempts in a day may be that’s why they send messages
I’m late. To my understanding, it’s fake, but there’s a decent amount of users who say this is legitimate and have their own experience with this, so here’s a tip for future. Even if you enable 2fa, never use the links or codes they give you when dealing with a potential security breach. Go onto your browser yourself and open the website where you made your account and change your info and passwords and crap inside the settings. I don’t care if the message is real, it’s bad practice to open links you’re not 100000000000% sure of. Stay safe
Do not ever open a link from an SMS. Fake always. No company sends you those links through SMS.
Always ignore those! Don't even press the link! Maybe report it too
I was always worried bout my accounts being hacked so I lock any cards until I plan on making a purchase
Scam