Receiving a one-time verification code you did not request is more common than it seems. Scammers trigger these messages to make you panic and hand over your credentials. The rule is simple: if you didn't start the process, ignore the email or SMS. Do not share the code, do not click on any links, and do not reply. It's a trap to get into your Microsoft account and steal your personal data.
How the technical impersonation attack works 🛡️
The attacker uses automated scripts that try to log into your Microsoft account with leaked passwords. When they fail, Microsoft's legitimate system sends a verification code to your email or phone. The scammer then contacts you, pretending to be technical support, asking for that code to supposedly cancel a charge or fix an error. If you hand over the code, the attacker completes the login and takes control of your account.
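From the defender's side, the sequence described above leaves a recognizable trail in sign-in logs. The following added example (not part of the original article) flags verification codes triggered from an address a user has never signed in from, and escalates when that same address redeems the code. The event schema, field names, baseline and sample data are constructed assumptions, not a Microsoft log format.

```python
from datetime import datetime, timedelta

# Constructed events in a hypothetical schema (not a Microsoft log format).
EVENTS = [
    {"ts": "2024-05-01T09:00:05", "user": "ana", "ip": "203.0.113.50", "event": "password_fail"},
    {"ts": "2024-05-01T09:00:09", "user": "ana", "ip": "203.0.113.50", "event": "password_fail"},
    {"ts": "2024-05-01T09:00:14", "user": "ana", "ip": "203.0.113.50", "event": "otp_sent"},
    {"ts": "2024-05-01T09:06:40", "user": "ana", "ip": "203.0.113.50", "event": "otp_verified"},
    {"ts": "2024-05-01T09:10:00", "user": "bob", "ip": "192.0.2.10", "event": "otp_sent"},
    {"ts": "2024-05-01T09:10:30", "user": "bob", "ip": "192.0.2.10", "event": "otp_verified"},
    {"ts": "2024-05-01T09:20:00", "user": "carla", "ip": "203.0.113.50", "event": "password_fail"},
    {"ts": "2024-05-01T09:20:03", "user": "carla", "ip": "203.0.113.50", "event": "otp_sent"},
]
# Addresses each user has signed in from before (constructed baseline).
KNOWN_IPS = {"ana": {"198.51.100.7"}, "bob": {"192.0.2.10"}, "carla": {"198.51.100.9"}}


def unsolicited_otp_alerts(events, known_ips, window=timedelta(minutes=15)):
    """Flag codes triggered from an address the user has never used.

    severity "unsolicited_code": a code was issued but not redeemed.
    severity "takeover": the same unfamiliar address redeemed the code,
    which means the user handed it over.
    """
    events = sorted(events, key=lambda e: e["ts"])  # ISO timestamps sort as text
    alerts = []
    for i, e in enumerate(events):
        if e["event"] != "otp_sent" or e["ip"] in known_ips.get(e["user"], set()):
            continue
        sent = datetime.fromisoformat(e["ts"])

        def near(o, kind):
            same_source = o["user"] == e["user"] and o["ip"] == e["ip"]
            gap = abs(datetime.fromisoformat(o["ts"]) - sent)
            return same_source and o["event"] == kind and gap <= window

        fails = sum(near(o, "password_fail") for o in events[:i])
        redeemed = any(near(o, "otp_verified") for o in events[i + 1:])
        alerts.append({"user": e["user"], "ip": e["ip"], "failed_passwords": fails,
                       "severity": "takeover" if redeemed else "unsolicited_code"})
    return alerts


if __name__ == "__main__":
    for alert in unsolicited_otp_alerts(EVENTS, KNOWN_IPS):
        print(alert)
```

An "unsolicited_code" alert is the moment to warn the user not to share the code and to change the password; a "takeover" alert calls for revoking sessions.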
Phishing also has its low-cost version 🎭
It's almost poetic to see how they try to scare you with false urgency so that you give them exactly what they need. It's like a thief kindly asking for your house keys to check for leaks. And the best part is that the code you receive is real: it comes from Microsoft, not the scammer. They just wait for you to play along. Don't give them the satisfaction: delete the message and move on with your life.