This is your verification link...
Discussion
I'm getting loads of these recently - "This is your one-time code" - "This is your secure link" - "We can see you're having trouble logging in, here's a link" - "Password change request".
Sites include Booking, Instagram, Farcebook, Flickr etc. I've changed my (originally generic, identical) password for these to one which is more secure and different for each site, but still these messages appear perhaps twice per week.
Each email tells me not to worry if it wasn't me, but I have my doubts.
Should I be concerned?
Sites include Booking, Instagram, Farcebook, Flickr etc. I've changed my (originally generic, identical) password for these to one which is more secure and different for each site, but still these messages appear perhaps twice per week.
Each email tells me not to worry if it wasn't me, but I have my doubts.
Should I be concerned?
vaud said:
r3g said:
Your email address has been compromised. Somebody else is accessing your emails in addition to yourself.
Someone knows his email address and they are using that to try to access the account. If they had access to the email account then they would be able to authenticate.r3g said:
vaud said:
r3g said:
Your email address has been compromised. Somebody else is accessing your emails in addition to yourself.
Someone knows his email address and they are using that to try to access the account. If they had access to the email account then they would be able to authenticate.Different emails will mean different things... the fact many of your accounts are being tried would suggest someones found/bought your email address and password(s), rather than just trying for the sake of it.
This is your one-time code - Someones logged in with your correct credentials and you have 2FA on, so it's sent the code
We can see you're having trouble logging in, here's a link - They are failing to sign in and the website is oversharing
Password change request - They don't have your credentials so hope this allows them to answer some questions to reset it
In any circumstance, I'd be changing every password to a complex unique password and enabling MFA on every account that allows it. Perhaps think about a password vault, that can remember these complex passwords (bitwarden or lastpass).
this is a legit site to check if and how you've potentially been compromised (or pwned!) https://haveibeenpwned.com/
This is your one-time code - Someones logged in with your correct credentials and you have 2FA on, so it's sent the code
We can see you're having trouble logging in, here's a link - They are failing to sign in and the website is oversharing
Password change request - They don't have your credentials so hope this allows them to answer some questions to reset it
In any circumstance, I'd be changing every password to a complex unique password and enabling MFA on every account that allows it. Perhaps think about a password vault, that can remember these complex passwords (bitwarden or lastpass).
this is a legit site to check if and how you've potentially been compromised (or pwned!) https://haveibeenpwned.com/
Edited by illmonkey on Tuesday 16th July 20:15
I’ve had 2 of these texts as well in the last 10 days, both from NOTICE and both reading the same: “Your verification code is S-nnnnnn. please verify within 5 mins.”
The only other text I’ve ever had from NOTICE is from a US government website (I think ESTA related) and reads completely differently and is from almost a year ago.
There are no emails that correspond to these texts.
Is someone trying to set the stage for a phishing call?
The only other text I’ve ever had from NOTICE is from a US government website (I think ESTA related) and reads completely differently and is from almost a year ago.
There are no emails that correspond to these texts.
Is someone trying to set the stage for a phishing call?
Edited by AW10 on Wednesday 17th July 09:26
droopsnoot said:
Presumably you've checked that these emails are actually coming from the sites that they claim to be coming from, and not just the usual "click here" taking you to a clone login page where you can hand over your credentials?
Yes - the sender's address always looks legit. Some of them just have the six-digit code with no actual link to follow.When I look into the deeper settings of my hotmail account, you can see a list of everyone that has tried to login and most of these are caught before sending out a verification code or other authenticator system.
All I need is your email address to try and log in to it. And many of us use the same email address as the user name on other sites.
All I need is your email address to try and log in to it. And many of us use the same email address as the user name on other sites.
illmonkey said:
Different emails will mean different things... the fact many of your accounts are being tried would suggest someones found/bought your email address and password(s), rather than just trying for the sake of it.
This is your one-time code - Someones logged in with your correct credentials and you have 2FA on, so it's sent the code
We can see you're having trouble logging in, here's a link - They are failing to sign in and the website is oversharing
Password change request - They don't have your credentials so hope this allows them to answer some questions to reset it
In any circumstance, I'd be changing every password to a complex unique password and enabling MFA on every account that allows it. Perhaps think about a password vault, that can remember these complex passwords (bitwarden or lastpass).
this is a legit site to check if and how you've potentially been compromised (or pwned!) https://haveibeenpwned.com/
If you're getting a passcode and you've setup 2FA they haven't got into your account they've simply entered your email address and now you're getting the next step within the authentication process.This is your one-time code - Someones logged in with your correct credentials and you have 2FA on, so it's sent the code
We can see you're having trouble logging in, here's a link - They are failing to sign in and the website is oversharing
Password change request - They don't have your credentials so hope this allows them to answer some questions to reset it
In any circumstance, I'd be changing every password to a complex unique password and enabling MFA on every account that allows it. Perhaps think about a password vault, that can remember these complex passwords (bitwarden or lastpass).
this is a legit site to check if and how you've potentially been compromised (or pwned!) https://haveibeenpwned.com/
Edited by illmonkey on Tuesday 16th July 20:15
Freakuk said:
illmonkey said:
Different emails will mean different things... the fact many of your accounts are being tried would suggest someones found/bought your email address and password(s), rather than just trying for the sake of it.
This is your one-time code - Someones logged in with your correct credentials and you have 2FA on, so it's sent the code
We can see you're having trouble logging in, here's a link - They are failing to sign in and the website is oversharing
Password change request - They don't have your credentials so hope this allows them to answer some questions to reset it
In any circumstance, I'd be changing every password to a complex unique password and enabling MFA on every account that allows it. Perhaps think about a password vault, that can remember these complex passwords (bitwarden or lastpass).
this is a legit site to check if and how you've potentially been compromised (or pwned!) https://haveibeenpwned.com/
If you're getting a passcode and you've setup 2FA they haven't got into your account they've simply entered your email address and now you're getting the next step within the authentication process.This is your one-time code - Someones logged in with your correct credentials and you have 2FA on, so it's sent the code
We can see you're having trouble logging in, here's a link - They are failing to sign in and the website is oversharing
Password change request - They don't have your credentials so hope this allows them to answer some questions to reset it
In any circumstance, I'd be changing every password to a complex unique password and enabling MFA on every account that allows it. Perhaps think about a password vault, that can remember these complex passwords (bitwarden or lastpass).
this is a legit site to check if and how you've potentially been compromised (or pwned!) https://haveibeenpwned.com/
Edited by illmonkey on Tuesday 16th July 20:15
vikingaero said:
When I look into the deeper settings of my hotmail account, you can see a list of everyone that has tried to login and most of these are caught before sending out a verification code or other authenticator system.
All I need is your email address to try and log in to it. And many of us use the same email address as the user name on other sites.
I've got several Microsoft accounts and they all get lots of log-in attempts - sometimes one a day, sometimes dozens - but they say "incorrect pasword entered".All I need is your email address to try and log in to it. And many of us use the same email address as the user name on other sites.
If I log in it only asks for my email address and then I get an authenticator alert which uses number matching.
We use Microsoft365 at work and before number matching was a thing we used to regularly get user accounts hacked as people just OK'd authenticator requests (but the hackers must have also has users passwords - many places like LinkedIn and hotel / airline loyalty site have been hacked and a lot of people use the same password).
I presume the same thing is happening in lots of accounts but they don't show log in attempts like Microsoft does.
Edited by Sheepshanks on Wednesday 17th July 13:22
I checked my emails on haveibeenpwned.com, changed the password for email addresses that showed up and turned on 2FA and ignore all these verification link emails now.
Its probably hackers running these email / password lists through automated brute force software.
With a freshly changed password and 2FA immediately turned on after the password change, your account will be secure.
Its probably hackers running these email / password lists through automated brute force software.
With a freshly changed password and 2FA immediately turned on after the password change, your account will be secure.
Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff