Unusual IMAP activity from IP belonging to Microsoft

Oleg K 136 Reputation points
2022-07-14T17:29:04.95+00:00

Just received a notification from Microsoft that my MS account had unusual activity using IMAP and from IP that IP lookup shows is Microsoft Datacenter (13.101.134.40).

I have changed the password as suggested by notification (did this by going myself into my account and activity history). But the fact that IMAP was used and IP details makes it seems strange. Microsoft was doing something with my mail account and triggered their own algorithms?

Outlook Management
Outlook Management
Outlook: A family of Microsoft email and calendar products.Management: The act or process of organizing, handling, directing or controlling something.
4,885 questions

5 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Peter Tazaki 6 Reputation points
    2022-07-19T14:22:21.82+00:00

    Hey guys I have the exact same problem happening to me, starting maybe 4 days ago. It's driving me nuts. The reported IP address is 13.101.154.231 and its the same every time.

    I've already changed by password 3 times and the messages keep coming back. I don't even use my microsoft live email address for anything so it's really hard to think it's been hijacked.

    Maybe this is some kind of bug. Started happening after I ran an MS 365 Office update (the only recent change to my system I can think of) for my Mac.'

    Edit: The 2 step authentication requires an authenticator app which is something I want to avoid. It's another app to install on my already bloated-with-unwanted-but-necessary-apps smartphone. Sheesh.

    1 person found this answer helpful.
  2. Oleg K 136 Reputation points
    2022-07-14T17:55:04.167+00:00

    It said:
    Microsoft account
    Verify your account
    We detected something unusual about a recent sign-in for the Microsoft account ******@harsh.com .com. For example, you might be signing in from a new location, device, or app.
    To help keep you safe, we've blocked access to your inbox, contacts list, and calendar for that sign-in. Please review your recent activity and we'll help you secure your account. To regain access, you'll need to confirm that the recent activity was yours.

    I have then went to my account on Microsoft page and Security tab and then View my activity
    It was showing same IMAP connection from US (i am in Europe) in activity with Successful Sync status

    0 comments
  3. Andy David - MVP 141.6K Reputation points MVP
    2022-07-14T19:37:00.807+00:00

    Hi, this sounds like a Scam/Phishing email.
    https://answers.microsoft.com/en-us/outlook_com/forum/all/is-this-email-from-microsoft-account-team/6c51f622-1e4b-42e1-8618-fad98bba2316

    I would ensure you have two factor authentication enabled if you have already changed your password within the Microsoft security center and not by clicking any links in the email.
    Report the email as well.

  4. Faery Fu-MSFT 16,816 Reputation points Microsoft Vendor
    2022-07-15T02:39:02.443+00:00

    Hi @Oleg K ,

    Welcome to our forum!

    If you get an email about unusual activity on your Microsoft account, or if you’re worried that someone else might have used your account:

    • Go directly to Review recent activity page, this will tell you if anyone has tried accessing your account. Please note: Microsoft will never ask for your password in email, so never reply to any email asking for any personal information, even if it claims to be from Outlook.com or Microsoft.
    • Always make sure that you check the sender when you receive emails from Microsoft about suspicious login attempts. Online scammers use a technique called ‘phishing’ to gain access to your Microsoft account by sending you fake emails. The only real Microsoft account team email where Microsoft will contact you is account-security-noreply@acc2t9qnrt .microsoft.com.
    • Besides, you can use two-step verification with your Microsoft account to increase the security of your account.

    Hope above can help you!

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

  5. Ben 1 Reputation point
    2022-07-20T06:02:38.61+00:00

    Exactly the same for me, password changes don't seem to do the trick. After changing my pasword 2 days ago I got another unusual log-in activitiy from IP: 13.101.111.243 last night while I am located in Europe. Makes me worried if one of my devices has been compromised.