Ms account reset

[ef37a]

Today I received an email from "The Microsoft Account Team" asking me to "reset your account password for ...*my email address* and giving a seven digit code for the purpose.

Do I need to do this and if so how? My emails seem to be working just a s well as ever.

Dave.

[Kwackman]

This looks similar and the info in the reply might help?

https://answers.microsoft.com/en-us/out ... d2cd9d93f5

[Music Wolf]

https://answers.microsoft.com/en-us/outlook_com/forum/all/microsoft-account-password-reset-email-received/6f9c44e5-4d1e-47df-bbc2-f709c988ac62

[The Elf]

Never click a link in an email. Go to the MS website by typing in the genuine web address (http://www.microsoft.com would be a good start) in your browser and see if that tells you anything when you log in. I doubt it will.

I very much suspect what you have there is a 'phishing' (gawd I hate 'hip' spelling...) email.

[ef37a]

Thanks chaps. I have just opened Windows security and all is well with the exception of a yellow blob in One Drive which I shut down over a year ago because I didn't need it and found it an intrusive nuisance.

I have also run a Malwarebytes free scan and that returned 3 moderate threats but all back in 3 Jan 21.

I shall go with the "If it ain't broke....." philosophy.

Dave.

[The Elf]

I notice that someone on one of those postings recommends two-factor authorisation. That is THE most annoying thing. I accidentally switched it on for my Apple account and now I'm frequently pestered for a code from my phone when I'm just logging into my email on a PC - it's intensely annoying! Worse still, once it's switched on Apple will not allow you to switch it back off. Sigh...

It may be different with MS, but I'm not going to make that mistake again.

[wireman]

Note that of course anyone/anything sending you such a mail has your email address.

You have to decide if it is legitimate or not. You can look for clues but the best approach is to log into the service in question (email, Amazon or whatever) using your normal login mechanism (NOT by following links in the email). If your login works then fine , you can decide if you think you need to reset the password. If there is an issue with your account then likely you will be informed when you log in and if not then you could ask about this (for example using any online chat support feature).
If you can't log in then contact the provider with whatever means they make available.

[ef37a]

Thank you Wireman. I have to confess I had forgotten all about the incident!

I have had no problems with any sites since the email and have even done two bank transactions without a problem of any sort.

I think I shall take the sleeping dogs approach!

Dave.

[Watchmaker]

Two factor authentication (2FA - how's that for hip?) is, in my view, merely another way that companies pass the buck. How is it reasonable to make the least qualified people (the end user) responsible for data security?

Having worked as an IT auditor for 15 years, I have a deep understanding of the drivers of this approach, and it has precious little to do with security. Typical of modern business thinking the basic notion is, how can we make it look like we're doing something without spending any money that might otherwise become a leadership bonus?

As far as links in your email go, never, ever click them unless you know for sure that they're legit, which of course you can't know unless you have a higher than user level of competence with computers.

[ef37a]

Thank you too Watchmaker.
No, never do (now!) Some weeks ago I had an email from some company called ERS Gold and it was an invoice in the form of an attachment. NO WAY was I going to open that. I am pretty sure the firm is a 'quango' associated with my county council but since the email was one of those %$%£!!ing No Reply jobs I cannot check.

I also know what the bill might be for (in my late wife's name) but cluck 'em! If they send me a gentlemanly, open text message I shall reply and pay. Otherwise I shall wait for what I am sure will be a snotty final demand!

Dave.

[Drew Stephenson]

Two factor authentication (2FA - how's that for hip?) is, in my view, merely another way that companies pass the buck. How is it reasonable to make the least qualified people (the end user) responsible for data security?

Hmm, I'm a bit torn on this.
On the one hand I get your argument about shifting the responsibility. But on the swing side, the single weakest point in any security system is the end user. They have to take some responsibility for this.
I think the solution is a risk-based approach. If you're doing something trivial (checking a balance, reviewing payment schedules etc) then it might be over the top. But as soon as you want to make a change then there needs to be additional security.

[OneWorld]

One thing I would advise is opening the account details and making a note of all the info entered when creating the account. I tried to revive an old account, tried to login and my password was refused so I went through the “lost password?” Procedure, no chance, it asked for questions I’d answered ages ago, I had no choice but jettison the account, but glad it was a dormant account, had it been a live account I would have been in a right mess

[Exalted Wombat]

Thank you too Watchmaker.
No, never do (now!) Some weeks ago I had an email from some company called ERS Gold and it was an invoice in the form of an attachment. NO WAY was I going to open that..

It's actually quite unlikely that simply opening an attachment would do anything terrible, particularly on an up-to-date computer system. The scam, if scam it be, will be a social one rather than an 'infection'.

[ef37a]

Thank you too Watchmaker.
No, never do (now!) Some weeks ago I had an email from some company called ERS Gold and it was an invoice in the form of an attachment. NO WAY was I going to open that..

It's actually quite unlikely that simply opening an attachment would do anything terrible, particularly on an up-to-date computer system. The scam, if scam it be, will be a social one rather than an 'infection'.

That may well be E W but the last time I got really screwed WAS by opening an attachment purporting to come from UPS. That installed a trojan and I had to format the drive and re install XP.

WRT "security" the world has gone mad. Just a simple phone call to one's bank and a couple of pre arranged questions could save so much hassle. But! There is no such thing any longer as a "simple" phone call! Try Dept of W&P when you have a spare afternoon.

Dave.