this post was submitted on 28 Jul 2024
275 points (97.9% liked)

Mildly Infuriating

35617 readers
593 users here now

Home to all things "Mildly Infuriating" Not infuriating, not enraging. Mildly Infuriating. All posts should reflect that.

I want my day mildly ruined, not completely ruined. Please remember to refrain from reposting old content. If you post a post from reddit it is good practice to include a link and credit the OP. I'm not about stealing content!

It's just good to get something in this website for casual viewing whilst refreshing original content is added overtime.


Rules:

1. Be Respectful


Refrain from using harmful language pertaining to a protected characteristic: e.g. race, gender, sexuality, disability or religion.

Refrain from being argumentative when responding or commenting to posts/replies. Personal attacks are not welcome here.

...


2. No Illegal Content


Content that violates the law. Any post/comment found to be in breach of common law will be removed and given to the authorities if required.

That means: -No promoting violence/threats against any individuals

-No CSA content or Revenge Porn

-No sharing private/personal information (Doxxing)

...


3. No Spam


Posting the same post, no matter the intent is against the rules.

-If you have posted content, please refrain from re-posting said content within this community.

-Do not spam posts with intent to harass, annoy, bully, advertise, scam or harm this community.

-No posting Scams/Advertisements/Phishing Links/IP Grabbers

-No Bots, Bots will be banned from the community.

...


4. No Porn/ExplicitContent


-Do not post explicit content. Lemmy.World is not the instance for NSFW content.

-Do not post Gore or Shock Content.

...


5. No Enciting Harassment,Brigading, Doxxing or Witch Hunts


-Do not Brigade other Communities

-No calls to action against other communities/users within Lemmy or outside of Lemmy.

-No Witch Hunts against users/communities.

-No content that harasses members within or outside of the community.

...


6. NSFW should be behind NSFW tags.


-Content that is NSFW should be behind NSFW tags.

-Content that might be distressing should be kept behind NSFW tags.

...


7. Content should match the theme of this community.


-Content should be Mildly infuriating.

-At this time we permit content that is infuriating until an infuriating community is made available.

...


8. Reposting of Reddit content is permitted, try to credit the OC.


-Please consider crediting the OC when reposting content. A name of the user or a link to the original post is sufficient.

...

...


Also check out:

Partnered Communities:

1.Lemmy Review

2.Lemmy Be Wholesome

3.Lemmy Shitpost

4.No Stupid Questions

5.You Should Know

6.Credible Defense


Reach out to LillianVS for inclusion on the sidebar.

All communities included on the sidebar are to be made in compliance with the instance rules.

founded 2 years ago
MODERATORS
 

I sure don't feel safe just ignoring it, considering the frequency.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 39 points 4 months ago (2 children)

It is actually safe to ignore them. It means either someone has an email address similar to yours, or a bot of some sort has you email address and only your email address.

Essentially, someone or something goes to the login screen, enters your login, and says "I don't have the password, let me in!".
Sending a code to your email like this is the first step in letting someone in without the password, or more specifically to having them reset it.

Since the email is to check "did you ask for this?", doing nothing tells them that you did not.

If you want some extra peace of mind: https://account.live.com/Activity should show you any recent login activity which you can use to confirm that no one has gotten in.

Also, use two factor, a password manager, and keep your recovery codes somewhere safe. The usual security person mantra. :)

[–] [email protected] 29 points 4 months ago* (last edited 4 months ago) (1 children)

This is all good information and seems well intentioned, but it's worth pointing out in a post about account security that clicking links provided by others and giving it your login information is very unwise (even/especially links in emails like these). For the link you provided, it'd be better to recommend going through a primary microsoft page or login that can be confirmed by the user and getting to the activity history page from there

[–] [email protected] 9 points 4 months ago (1 children)

That is wonderful advice and I'm glad you pointed that out. :)

If I knew how to give directions to the page, I would, but unfortunately I don't know the Microsoft site layout, only the URL that their help center directed to.

In mitigation of my indiscretion: it's generally safer to trust a person you approach out of nowhere than to trust someone who approaches you out of nowhere.
Since they chose the venue and asked the question, the likelihood that an attacker is present in the replies is lower than the expectation that an unsolicited email is from an attacker.

But it's also entirely correct to be distrustful of anything anyone asks you to click on, triply so if it involves security or login pages.

[–] [email protected] 2 points 4 months ago

For MS guides there usually is an article under support.microsoft.com or learn.microsoft.com (usually more advanced, admin related documentation for company / enterprise level stuff) domains. Here's an article for checking activity.

[–] [email protected] 9 points 4 months ago (4 children)

Also, use two factor, a password manager, and keep your recovery codes somewhere safe. The usual security person mantr

Well, I found the recent activity and none of these were me. At least they all appear to say Unsuccessful sign-in.

[–] [email protected] 8 points 4 months ago

Yup, that would indicate that likely a bot is trying to guess it's way in.

You are still safe.

The only weird thing here is that Microsoft lets such things bother you instead of guessing that you didn't teleport to Brazil and instead putting a little extra burden on the Brazil end before sending you an email.

If you're still feeling worried, the biggest thing you can do is enable two-factor auth (which you should do anyway), or even better: enable something like passkeys which are very secure and also easier than username/password.

Two-factor/password manager is the "remember to brush and floss" of the security industry, so... Please do those things. :)

[–] creditCrazy 4 points 4 months ago

Considering most of the attempts are from India and Brazil I suspect a service you signed up for has sold your email to unsavory data brokers and now a bunch of scam companies are doing that MFA attack on you

[–] hinterlufer 3 points 4 months ago* (last edited 4 months ago)

You can create an email alias for your Microsoft account and then only enable login from that account. If you then do not use that email for anything but the login, you should be pretty safe from credential stuffing attacks.

I had a very similar issue with multiple failed login attempts and changing my login email stopped it right away.