Microsoft account unusual sign-in activity

subspace's Avatar

subspace

01 Mar, 2014 08:25 AM

Yesterday I received an email from Microsoft about unusual sign-in activity on my account. The location didn't make a lot of sense to me at first, but I noticed that the time of the sign-in was about the same as when I rebooted my machine, and thus restarted Trillian.

My account activity is showing a security challenge from the somewhere in or near Boston (IP 74.201.34.19), is this a Trillian related thing? Unfortunately it does not show which application or browser made the request:

RecentActivity

I just find it odd because I've never received such a message before for merely logging on to Live Messenger from Trillian.

  1. Support Staff 1 Posted by Don Petty on 03 Mar, 2014 09:17 PM

    Don Petty's Avatar

    Since Trillian on mobile is proxied through our servers to connect to the various chat services, WLM sees this as an anomaly in some instances. Acknowledging that it's not a threat should allow it to connect normally.

    Log into https://account.live.com and click "Recent Activity", you will see a list of IPs of where Microsoft recorded attempts to log into your Live account. One of these will be an IP address that belongs to the Trillian servers. If you click "This was me" it should keep that warning from popping up.

    -Don

  2. 2 Posted by chris on 12 Mar, 2014 02:07 AM

    chris's Avatar

    This happened to me as well! Just for anyone googling:

    You can confirm it's trillian by starting up a command prompt (you may need an administrator prompt) and using the netstat command. Use the -o switch, like this:

    netstat -o

    This will show you all your current connections and include the process ID (PID) of the process that has the connection open. In my case "74.201.34.50" was the IP reported on my Microsoft Account recent activity page, but the connection was to "74.201.34.42". That's close enough to be a related destination.

    Bring up your task manager and on the details page, reference the PID column (you may have to add this column). Sure enough, it was trillian.exe that was making the connection.

    I almost had a heart attack when I changed my password and was still getting security challenge events on my activity page! Knowing it's just trillian trying to do its job calmed my nerves =)

  3. 3 Posted by zoee on 09 Apr, 2014 03:08 PM

    zoee's Avatar

    I received this in Junk. mail: I am with Telus in Canada. It's not my acitvity...now what?
    Microsoft account
    Unusual sign-in activity
    We detected something unusual about a recent sign-in to the Microsoft account ********@hotmail.com. To help keep you safe, we required an extra security challenge.
    Sign-in details:
    Country/region: Nigeria (NG)
    IP address: 41.190.3.2
    Date: 4/7/2014 10:48 PM (WAT)
    If this was you, then you can safely ignore this email.
    If you're not sure this was you, a malicious user might have your password. Please review your recent activity and we'll help you take corrective action.
    Please download the attachment to confirm your log in details.

    Thanks,
    The Microsoft account team

  4. 4 Posted by Aurelia Hoogerz... on 13 May, 2014 03:03 PM

    Aurelia Hoogerzeil's Avatar

    I just got that message today only the Country/region is Mexico. I have my son, who is a Computer IT Technician checking this out. It may be a scam trying to get info from us, I am not sure. I'll let you know his results, if you want me to.

  5. 5 Posted by Bob on 29 May, 2014 01:11 AM

    Bob's Avatar

    Is this for real? or a spoof?

    Microsoft account
    Verify your account
    We detected something unusual about a recent sign-in for the Microsoft account bo*****@msn.com. For example, you might be signing in from a new location, device, or app.
    To help keep you safe, we've blocked access to your inbox, contacts list, and calendar for that sign-in. Please review your recent activity and we'll help you take corrective action. To regain access, you'll need to confirm that the recent activity was yours.
    Review recent activity
    Thanks,
    The Microsoft account team

  6. 6 Posted by MikkA on 16 Jun, 2014 06:57 AM

    MikkA's Avatar

    This happens to be a scam. If they have info on my account that happens to be strange or unusual.
    They wouldn't call me "user" or have me log in again.

    It's a scam.

  7. 7 Posted by MikkA on 16 Jun, 2014 07:02 AM

    MikkA's Avatar

    Sorry about the punctuation. It sent out before I could check it.
    But it has to be a scam. It's non descript.
    They claim to know that strange stuff is happening on my account yet this email has nothing personal about me.

    DO NOT REPLY TO THIS EMAIL. DO NOT GIVE OUT YOUR PASSWORD BY ENTERING YOUR INFO.
    YOU ALREADY SIGNED INTO YOUR ACCOUNT TO GET THIS EMAIL. YOU CANT SIGN-IN TWICE FROM YOUR ALREADY OPENED ACCOUNT.

    MH

  8. Support Staff 8 Posted by Don Petty on 17 Jun, 2014 12:18 PM

    Don Petty's Avatar

    Thanks for the heads up.... It's always a good practice when getting something like that to go manually to the website and sign in (rather than following the link). Though many are legit, that is a classic way for people with bad intentions to get your info.

    -Don

  9. 9 Posted by Peter on 13 Jul, 2014 11:10 PM

    Peter's Avatar

    Hey everyone, thanks for the info. I have gotten a similar message myself. I ended up signing into my live account from the link provided in the email, but stopped short of verifying if this was my account. Instead i researched and came across this page. Since I signed in through the link does that mean I have given my password out? Or have I stopped just short of falling into the scam?

  10. 10 Posted by Michelle Mikka ... on 14 Jul, 2014 01:38 AM

    Michelle Mikka H.'s Avatar

    If you sign into your account by entering your password. You need to change your password to your email.

    Sent from my iPhone

  11. 11 Posted by Sarayah on 14 Jul, 2014 07:50 AM

    Sarayah's Avatar

    FYI Microsoft does send those emails as well. They will NOT be sent to Junk. If your MSN, Hotmail, or Live account needs to be verified, "Microsoft Account Team" will send a message to you with their account. Their email will have a little shield icon next to the sender name/address, verifying that it is legitimately Microsoft. The link that it takes you to is "https://accounts.live.com/activity". They will ask you to verify that you are who you are to see the account activity, and send an email, text, or call verification code. Once you enter the code, you will be able to view your account activity. Without the correct verification code you can't view your activity.

    Usually, if it's spam, the link will take you somewhere else, using a masked link.

  12. 12 Posted by Bisnux on 21 Aug, 2014 01:58 PM

    Bisnux's Avatar

    Hola, revisando la IP, tambien recibi un correo de la mismaforma tal parece ser que es por los proxies de trillian, es bueno saberlo y que no me ando hackeando yo solo!.
    Saludos

  13. 13 Posted by Hzl on 29 Sep, 2014 07:15 AM

    Hzl's Avatar

    I get these "unusual-sign-in"-emails as well. Just like subspace did, I looked up the IP 74.201.34.19, and it belongs to Trillian (or more accurate, to Cerulean Studios). But for me these sign-in-attempts doesn't occur when I reboot but at night. Mormally at 3 am when I'm asleep and definitely not using Trillian. How come Trillian tries to connect at that time?

  14. 14 Posted by chris on 29 Sep, 2014 12:11 PM

    chris's Avatar

    3 AM is the beginning of a popular maintenance window, because most users are not on their PC at that time. Windows Update, for example will check for updates around that time. Maybe Trillian is checking for updates, or doing other maintenance tasks?

  15. 15 Posted by Michelle Mikka ... on 01 Oct, 2014 05:16 AM

    Michelle Mikka H.'s Avatar

    Sent from my iPhone

  16. 16 Posted by virginia davis on 01 Dec, 2014 06:54 AM

    virginia davis's Avatar

    I forgot my password to my acct. I have been trying to resolve this issue for seems like FORE-EVER!!!
    I only have 1 screen name or whatever you wish to call it, [email blocked]. What seems to be the
    issue? You sent me a new code # to access my account to my VALID e-mail address, so why would you not believe me that i have only 1? You successfully sent me an e-mail to the correct e-mail, why
    did you not let me tell you i only have 1 address? No place for comments. Are you short staffed?
    Why do I have to sign in to microsoft to get my results of labs from last week? I do not feel well & if you check the time, you will see I should be in bed!!!!!!!!!!!!!!!!!!!!!!!! Thank you
                                                                                                                          [email blocked]

  17. 17 Posted by virginia davis on 01 Dec, 2014 07:08 AM

    virginia davis's Avatar

    by the way call me stupid, what do you mean switch to markdown? why is my e mail blocked? did u do that because this was not my fault.

  18. 18 Posted by chris on 01 Dec, 2014 03:23 PM

    chris's Avatar

    Virginia, do you use Trillian?

  19. 19 Posted by DavisRNC on 01 Dec, 2014 03:26 PM

    DavisRNC's Avatar

    I have never heard of that name
     
     
    In a message dated 12/1/2014 10:23:47 A.M. Eastern Standard Time,
    [email blocked] writes:

    // Please reply above this line

  20. 20 Posted by chris on 01 Dec, 2014 03:30 PM

    chris's Avatar

    This is a forum for a chat program called "Trillian". Your questions specific to Microsoft password resets might be better asked in a Microsoft program.

  21. 21 Posted by DavisRNC on 01 Dec, 2014 04:31 PM

    DavisRNC's Avatar

    I never heard of that name. All i want to do is get my lab results from lab
     corp
     
     
    In a message dated 12/1/2014 10:23:47 A.M. Eastern Standard Time,
    [email blocked] writes:

    // Please reply above this line

  22. 22 Posted by markgrey perez on 19 Dec, 2014 06:33 AM

    markgrey perez's Avatar

    thank you and GODBLESS

  23. 23 Posted by Jennifer on 19 Dec, 2014 11:49 PM

    Jennifer's Avatar

    This would be an irresponsible type of email for Microsoft to send. So even if it is from them legitimately then do not click on any of the links within the email.

    I have been getting these emails as well and they are saying that my accounts will be blocked to keep me safe. But this isn't happening. My account have not been blocked even though I do not sign in using this email.

    Microsoft should have a much better system to detect strange sign behaviour than sending an insecure email with a link.

    No one can put a code, a symbol or any kind of reliable marker on an email to prove that the email is legitimate. Hackers make emails all the time that look legitimate right down to IP addresses and link names.

    Microsoft would be very negligent to communicate with us in this way. It causes many security concerns.

    I treat this as spam of the worst kind. Never click on links in emails especially if you don't understand why you would be receiving such emails. There are other ways to contact Microsoft and check your accounts.

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac