MS account, IMAP automatic sync with unsuccessful sync

kmax86

kmax86

kmax86

Associate
Joined
8 Sep 2011
Posts
1,961
Location
Northern Ireland
Hi

Was doing some security checks and noticed that my MS account is getting quite a few unsuccessful syncs via IMAP sync from Asia.

MS says "Don’t worry. This sign-in attempt was unsuccessful, so there is no need to change your password". Googled around but Im getting mixed answers from it is all good to Im screwed.

My question is, is this an attacker attempting to sync using only the email address? I have 2FA enabled but and Im not getting prompts for the code.

Or is it too late and the email has been compromised ?
 
An MFA OTP will only be sent once a successful password authentication has happened so if you’re not getting an OTP sent through you’re fine.

I’d say there’s nothing to worry about but if you’re worried then change your password anyway and use a unique password. Also, if you’re not using IMAP yourself then consider disabling it on your account. Ditto for POP3.
 
Thanks, I looked around it seems only POP can only be disabled for outlook web and its already disabled.

No options for IMAP it seems.

Also looked further and see nothing suspicious like connected devices and auto mail forward.

Passwords already been changes so I guess just have to be vigilant and keep monitoring.
 
Is this a normal MS account or Work?

IMAP and POP fall under the same conditional access policies for MFA and MS disable pop and IMAP on their Outlook systems by default, so you really don't need to worry.
 
Normal web outlook non business.

Looks like IMAP is enabled based on the settings i see on outlook web
 
kmax86 said:
Hi

Was doing some security checks and noticed that my MS account is getting quite a few unsuccessful syncs via IMAP sync from Asia.

MS says "Don’t worry. This sign-in attempt was unsuccessful, so there is no need to change your password". Googled around but Im getting mixed answers from it is all good to Im screwed.

My question is, is this an attacker attempting to sync using only the email address? I have 2FA enabled but and Im not getting prompts for the code.

Or is it too late and the email has been compromised ?
Click to expand...


Have you noticed that this stopped eventually ( sorry for thread necro, i just googled this and it came up)?

I have noticed that this is happening to mine every few days from a different region of the world (china, thailand, russia , trinidad...) someone is trying to IMAP sync to one of my outlook accounts.

I use a unique password (which was changed fairly recently) for my email and two factor authentication so i doubt they can get through but it is a bit unnerving.

I don't suppose there is anything i can do though? Presumably they got my email and some sort of old password from some account i had on some website years ago from some data breach.

What is odd though, is that why do they keep trying?
 
Hi, I managed to make the IMAP sync attempts stop by changing my sign-in alias.
After changing it, the sync attempts have stopped according to the sign-in activity.

The bots are prbbly brute forcing the email with random passwords is my guess.
 
Hello, apologies for also commenting on the post. I have also noticed a similar unsuccessful sign in attempt from countries abroad. What exactly does the Alias do, and how does the account change if you change the alias?
 
Shinzra said:
Hello, apologies for also commenting on the post. I have also noticed a similar unsuccessful sign in attempt from countries abroad. What exactly does the Alias do, and how does the account change if you change the alias?
Click to expand...

https://support.office.com/en-gb/ar...look-com-459b1989-356d-40fa-a689-8f285b13f1f2

alias is just what the name suggests. 1 email account can have multiple aliases and they share the inbox and such. The link above explains it in detail.

When you have aliases you can pick which aliases are allowed to be used as a login
 
Apologies for commenting on an old post but I’ve had an unsuccessful IMAP sync from Vietnam. I’ve changed my password and I already had 2FA switched on. Do I need to be worried that someone has got into the account and is there anything more I can do to secure it please?
 
the-evaluator said:
I wouldn't worry. If it was unsuccessful and you have MFA enabled then you're fine.

If you're not actually using IMAP then it's worth disabling it.
Click to expand...

Thank you. I did look for that but I couldn’t see a way of doing it. You can disable POP which appears to already be done.
 
You must log in or register to reply here.
Back
Top Bottom