Microsoft account unusual sign-in activity

subspace's Avatar


01 Mar, 2014 08:25 AM

Yesterday I received an email from Microsoft about unusual sign-in activity on my account. The location didn't make a lot of sense to me at first, but I noticed that the time of the sign-in was about the same as when I rebooted my machine, and thus restarted Trillian.

My account activity is showing a security challenge from the somewhere in or near Boston (IP, is this a Trillian related thing? Unfortunately it does not show which application or browser made the request:


I just find it odd because I've never received such a message before for merely logging on to Live Messenger from Trillian.

  1. Support Staff 1 Posted by Don Petty on 03 Mar, 2014 09:17 PM

    Don Petty's Avatar

    Since Trillian on mobile is proxied through our servers to connect to the various chat services, WLM sees this as an anomaly in some instances. Acknowledging that it's not a threat should allow it to connect normally.

    Log into and click "Recent Activity", you will see a list of IPs of where Microsoft recorded attempts to log into your Live account. One of these will be an IP address that belongs to the Trillian servers. If you click "This was me" it should keep that warning from popping up.


  2. 2 Posted by chris on 12 Mar, 2014 02:07 AM

    chris's Avatar

    This happened to me as well! Just for anyone googling:

    You can confirm it's trillian by starting up a command prompt (you may need an administrator prompt) and using the netstat command. Use the -o switch, like this:

    netstat -o

    This will show you all your current connections and include the process ID (PID) of the process that has the connection open. In my case "" was the IP reported on my Microsoft Account recent activity page, but the connection was to "". That's close enough to be a related destination.

    Bring up your task manager and on the details page, reference the PID column (you may have to add this column). Sure enough, it was trillian.exe that was making the connection.

    I almost had a heart attack when I changed my password and was still getting security challenge events on my activity page! Knowing it's just trillian trying to do its job calmed my nerves =)

  3. 3 Posted by zoee on 09 Apr, 2014 03:08 PM

    zoee's Avatar

    I received this in Junk. mail: I am with Telus in Canada. It's not my what?
    Microsoft account
    Unusual sign-in activity
    We detected something unusual about a recent sign-in to the Microsoft account ******** To help keep you safe, we required an extra security challenge.
    Sign-in details:
    Country/region: Nigeria (NG)
    IP address:
    Date: 4/7/2014 10:48 PM (WAT)
    If this was you, then you can safely ignore this email.
    If you're not sure this was you, a malicious user might have your password. Please review your recent activity and we'll help you take corrective action.
    Please download the attachment to confirm your log in details.

    The Microsoft account team

  4. 4 Posted by Aurelia Hoogerz... on 13 May, 2014 03:03 PM

    Aurelia Hoogerzeil's Avatar

    I just got that message today only the Country/region is Mexico. I have my son, who is a Computer IT Technician checking this out. It may be a scam trying to get info from us, I am not sure. I'll let you know his results, if you want me to.

  5. 5 Posted by Bob on 29 May, 2014 01:11 AM

    Bob's Avatar

    Is this for real? or a spoof?

    Microsoft account
    Verify your account
    We detected something unusual about a recent sign-in for the Microsoft account bo***** For example, you might be signing in from a new location, device, or app.
    To help keep you safe, we've blocked access to your inbox, contacts list, and calendar for that sign-in. Please review your recent activity and we'll help you take corrective action. To regain access, you'll need to confirm that the recent activity was yours.
    Review recent activity
    The Microsoft account team

  6. 6 Posted by MikkA on 16 Jun, 2014 06:57 AM

    MikkA's Avatar

    This happens to be a scam. If they have info on my account that happens to be strange or unusual.
    They wouldn't call me "user" or have me log in again.

    It's a scam.

  7. 7 Posted by MikkA on 16 Jun, 2014 07:02 AM

    MikkA's Avatar

    Sorry about the punctuation. It sent out before I could check it.
    But it has to be a scam. It's non descript.
    They claim to know that strange stuff is happening on my account yet this email has nothing personal about me.



  8. Support Staff 8 Posted by Don Petty on 17 Jun, 2014 12:18 PM

    Don Petty's Avatar

    Thanks for the heads up.... It's always a good practice when getting something like that to go manually to the website and sign in (rather than following the link). Though many are legit, that is a classic way for people with bad intentions to get your info.


  9. 9 Posted by Peter on 13 Jul, 2014 11:10 PM

    Peter's Avatar

    Hey everyone, thanks for the info. I have gotten a similar message myself. I ended up signing into my live account from the link provided in the email, but stopped short of verifying if this was my account. Instead i researched and came across this page. Since I signed in through the link does that mean I have given my password out? Or have I stopped just short of falling into the scam?

  10. 10 Posted by Michelle Mikka ... on 14 Jul, 2014 01:38 AM

    Michelle Mikka H.'s Avatar

    If you sign into your account by entering your password. You need to change your password to your email.

    Sent from my iPhone

  11. 11 Posted by Sarayah on 14 Jul, 2014 07:50 AM

    Sarayah's Avatar

    FYI Microsoft does send those emails as well. They will NOT be sent to Junk. If your MSN, Hotmail, or Live account needs to be verified, "Microsoft Account Team" will send a message to you with their account. Their email will have a little shield icon next to the sender name/address, verifying that it is legitimately Microsoft. The link that it takes you to is "". They will ask you to verify that you are who you are to see the account activity, and send an email, text, or call verification code. Once you enter the code, you will be able to view your account activity. Without the correct verification code you can't view your activity.

    Usually, if it's spam, the link will take you somewhere else, using a masked link.

  12. 12 Posted by Bisnux on 21 Aug, 2014 01:58 PM

    Bisnux's Avatar

    Hola, revisando la IP, tambien recibi un correo de la mismaforma tal parece ser que es por los proxies de trillian, es bueno saberlo y que no me ando hackeando yo solo!.

  13. 13 Posted by Hzl on 29 Sep, 2014 07:15 AM

    Hzl's Avatar

    I get these "unusual-sign-in"-emails as well. Just like subspace did, I looked up the IP, and it belongs to Trillian (or more accurate, to Cerulean Studios). But for me these sign-in-attempts doesn't occur when I reboot but at night. Mormally at 3 am when I'm asleep and definitely not using Trillian. How come Trillian tries to connect at that time?

  14. 14 Posted by chris on 29 Sep, 2014 12:11 PM

    chris's Avatar

    3 AM is the beginning of a popular maintenance window, because most users are not on their PC at that time. Windows Update, for example will check for updates around that time. Maybe Trillian is checking for updates, or doing other maintenance tasks?

  15. 15 Posted by Michelle Mikka ... on 01 Oct, 2014 05:16 AM

    Michelle Mikka H.'s Avatar

    Sent from my iPhone

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac