I got a email saying someone signed into my Microsoft account in the USA (I’m in Australia) After using this VPN. I first assumed maybe it’s because I Vpned to America so it made microsoft suspicious, but looking at the time and the login was at 4 AM in the morning which I obviously didn’t vpn at that time. So I’m really scared I got hacked. I contacted microsoft and they said My account is secure, but that doesn’t reassure me enough considering they emailed me for a suspicious login.
Was it 4AM time somewhere in the US?
Without more info, it’s very likely the email about suspicious activity is a scam
Never click links in emails. There’s your answer.
What is the concern or question?
So many scams around Microsoft login stuff. Phishing emails are not uncommon. Also not uncommon to have people randomly try to log in and fail.
Have two factor authentication on for your Microsoft login and your email that links to your account.
If you are worried change your password but don’t follow any links from an email.
I expect things will be fine.
Go to your account, sign out everything, change your password, check your recorevry mails / phones etc. Enable 2FA if it’s not enabled.
Hello,
I know it can be annoying, but if your Microsoft account is important to you, I strongly recommend that you install Microsoft authentificator and set the login to passwordless. That’s the only useful thing about this authenticator. Again, I know some people might be bothered to install Windows software on their phone, but the account is secure that way.
I recommend that you go to your account and Security > View my sign-in activity, to see if people are trying to log into your account. If you’re seeing regular connection attempts, there’s a good chance that your address has been leaked.
Another useful thing is to create a login alias on your Microsoft account, which you never give out and which will only be used as a login. You’ll continue to receive all your mail from the old email, but it will be impossible to log in with this account (Microsoft Account > Your Info > Edit profile info). Create your alias and click on “make primary”. It will serve as your login.
Here’s an example:
[email protected] is your current e-mail address
you can create [email protected] and make it primary.
This will make it impossible for anyone who has retrieved “[email protected]” to connect to your Microsoft account, since this account will be deactivated on connection (and only on connection, not for the rest). However, e-mails sent to “[email protected]” will still be received in your mailbox (and it won’t change a thing, only that it will be impossible to use it to connect).
It’s difficult to conclude if you are hacked. The best way now is to change password and setup 2 Factor authentication for Microsoft. That is all you need to do.
Hope you have antivirus on your computer.
I’m super stressed out so any comments help!
This. It was more than likely the local time of your VPN server.
Ohhhh 4:32 AM (GMT), Which converted to melbourne is like 3 Pm
It’s not because the email sends me to the official Microsoft recent activity page (which on that site showed me recent logins), and I know it’s real because as soon as I clicked the link I was already signed into my account, so it has to be legit
Brother, The email was actually by microsoft. because when I clicked the link It took me to the actual (recent activity) page. And I know that page is legit because It had my microsoft details already in it
Am I hacked or is this normal?
This is the correct solution and remedy. Also, use true 2FA like the Authy App. Avoid SMS MFA it’s not nearly as secure
Change passwort , add 2fa and be at peace , use a giant long passwort.
I get like between 33 to 267 failed trys to log into my account from all over the world Microsoft even states from the Iranian government but I doubt that likely just a false ip identification
Duuuuuude that’s amateur hour. You NEVER click the link in an email when it says your account was suspected of suspicious activity. Always go directly to the page itself.
Change your password, any other accounts that use the same password, and enable 2FA on EVERYTHING.
That description, by itself, doesn’t prove the email was legit (and as others said, you should almost never click email links). What email address was the email (seemingly) sent from?
Your question still doesn’t make sense.
Good luck!