Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

"Account Temporarily Suspended" Genuine access code text?


  • This topic is locked This topic is locked
3 replies to this topic

#1 Itchy01

Itchy01

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:12:17 AM

Posted 30 May 2017 - 08:07 PM

Hi all

 

I tried getting this answered on MS Community. No luck.

 

My question is: in trying to follow MS instructions to un-suspend an Outlook account, have I run into a “man-in-the-middle” attack (or something similar).

 

May 20th, trying to access Outlook email account, I got a screen with this message or similar wording:

 

Your account has been temporarily suspended. Someone may have used your account to send out a lot of junk messages or done something else that violates the Microsoft services agreement

 

(When I eventually got into the account, BTW, the Recent Activities page showed nothing untoward – I just hadn’t used that Outlook email account for three weeks).

 

Anyhoo! Eventually, I followed the instruction to give the MS page a phone number to text. Within about a minute, I got a text on my mobile with a 4-digit code number which I entered in the space on the web page, and successfully accessed my email account. (And subsequently changed my MS account password). So far, apparently so good …

 

HOWEVER

 

I then noticed an article on Microsoft Support, “Account temporarily suspended” (Article ID: 13956 - Last Review: Jun 23, 2016 - Revision: 12) (https://support.microsoft.com/en-us/help/13956/microsoft-account-temporarily-suspended).

 

This article provided an illustration of a sample access code texted from MS, and I at once noticed it was different to the text I had received, i.e.:

 

-The illustrated sample text message had a numeric header, a body which identified the account, gave a (5-digit) code, and warned the recipient to change their password if they hadn’t requested the code. The kind of thing that, really, looks what you’d expect.

 

-My text message, however, had the word “Verify” in place of a sender’s phone number, no header, and a body content of only  “Microsoft access code: (4 digits)”. I'd add an image except I can't seem to see how to (???).

 

Can anyone tell me if they think the barebones text I describe is probably genuine, or should I be worried?

 

Thank you

 

Itchy01



BC AdBot (Login to Remove)

 


#2 Chris Cosgrove

Chris Cosgrove

  • Moderator
  • 6,754 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:06:17 AM

Posted 01 June 2017 - 05:49 PM

 

Eventually, I followed the instruction to give the MS page a phone number to text. Within about a minute, I got a text on my mobile with a 4-digit code number which I entered in the space on the web page, and successfully accessed my email account

 

What instruction did you follow ?  Was it a link in the message you got or did you go to 'support.microsoft.com' either directly or after googling for it ?  If you followed a link in the message I would be worried. If you went directly - ie opened a tab in your browser and typed 'support.microsoft.com' or googled for it - you are almost certainly OK.

 

If you reply on this point I can decide whether or not to leave this here or to ask you to start a topic in 'Am I infected?'

 

Chris Cosgrove



#3 Itchy01

Itchy01
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:12:17 AM

Posted 01 June 2017 - 06:31 PM

Hi Chris

 

Unfortunately, this is all from memory.

 

I didn't click on any link in the SMS text - it had no links, it was - as I say - VERY bare bones.

 

I did click on a link on a page with the "Temporarily suspended" message (the "Submit" button). See below where I give details I didn't give in my OP.

 

Details not previously given: I first saw the "Temporarily suspended" message on the web page that appeared after I first tried to sign into the Outlook Account on 20th May, having not signed into it for some 3 weeks. After seeing that message, I tried again to log into Outlook from different Google Search results using different search terms and a different result each time. E.g., I'd type "Outlook" into Google, and click on (e.g.) "Outlook.com - Microsoft free personal email" (https://outlook.live.com/) and navigate to the sign-in page, or type in "Outlook email" and click on "Outlook.com - Free personal email - Office.com - Sign In" (https://office.live.com/start/Outlook.aspx) and navigate to the sign-in page. In all, I did this three times in addition to the first attempt at log in. Each of these subsequent 3 log in attempts likewise led to a page with the same "Temporarily suspended" message and request for a phone number. I have Norton Security Premium and entries on Google Search results pages have little green boxes or Norton icons to signal a page is safe. I do know I only clicked on such results.

 

I'd also have to say the page (requesting a phone number) that I ended up acting on looked like a genuine page on the Outlook site. (But looks can deceive of course). The request for a phone number also accords with the details in the MS Support article I gave a link to in my OP. I also have MBAM Premium which often gives a popup if you access a dodgy page.

 

So, on the page I eventually acted on, below the "Your account has been temporarily suspended..." message, there was an instruction that, to access my Outlook account, I was to enter a phone number in the space provided (there wasn't an option of using an email account). Then again, only a phone number is referred to in the Support article I linked.

EDIT: (Sigh!) Or, maybe (memory!) the space for the phone number wasn't directly under the "temporarily suspended" message. See the first entry on this page (link follows), which looks very much like the "message" pages I'm referring to. I might, then, have clicked "Continue" and then found myself on a page requesting a phone number: https://answers.microsoft.com/en-us/outlook_com/forum/osecurity-oother/logging-in-and-constantly-getting-the-error/9d3ad9e1-aeba-46f9-9410-a2bac1cc62ea

 

I entered my mobile number in the space provided.

 

Below that space, there was a rectangular (green?) button marked "Submit". I clicked on this and the page changed to one with a space for entering the code (it looked like others I'd seen before when I'd changed passwords etc).

 

I soon got the text on my mobile and typed the 4-digit code it gave into the corresponding space on the web page just mentioned. I then got access to my Outlook account. One of my first actions was changing my password.

 

Later, when exploring "Recent Activity" within my account, I noted two of the entries referred to access being blocked because the account had been temporarily suspended.

 

My worry really only arose later when I found the Support article, and noted: (1) the SMS text I'd got looked so different from the illustration in the MS Support article, (2) there only being 4 digits, not 5 as in the Support article illustration, (3) the SMS text I got being so "bare-bones" - just the words I quoted above and the 4 digits, and (4) the word "Verify" on the text in place of a sender's phone number.

 

If you can tell me how to post an image to the thread I'll post one that compares my phone's screen with the Support article image. [Edit] or just see https://answers.microsoft.com/en-us/outlook_com/forum/osecurity-oinfosafe/account-temporarily-suspended-genuine-code-text-or/446aeea8-ebb8-4e3d-be16-e5329b6551a4

 

Hope this helps, many thanks

 

itchy01


Edited by Itchy01, 02 June 2017 - 03:56 AM.


#4 Chris Cosgrove

Chris Cosgrove

  • Moderator
  • 6,754 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:06:17 AM

Posted 02 June 2017 - 11:43 AM

I think the best thing for you to do is to start a new topic in the 'Am I infected ?' section of BC, but include a link to this topic. You do this by copying and pasting the URL at the head of this page and saying something 'See this topic'. For example -

 

"See this topic for more information -

https://www.bleepingcomputer.com/forums/t/648149/account-temporarily-suspended-genuine-access-code-text/#entry4252338"

 

On the assumtption that you are going to start such a topic I am going to close this one to avoid the possible confusion of having two topics open on the same problem in different parts of BC.

 

Chris Cosgrove






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users