From: nospam@needed.invalid   
      
   On Tue, 2/24/2026 3:36 PM, Bill Bradshaw wrote:   
   > Bill Bradshaw wrote:   
   >> "Microsoft account   
   >> Security info was added   
   >> The following security info was recently added to the Microsoft   
   >> account br*w@gci.net:   
   >> Passkey   
   >>   
   >> If this was you, then you can safely ignore this email.   
   >> If this wasn't you, a malicious user has access to your account.   
   >> Please review your recent activity and we'll help you secure your   
   >> account. Review recent activity   
   >>   
   >> To opt out or change where you receive security notifications, click   
   >> here. Thanks,   
   >> The Microsoft account team   
   >>   
   >> Privacy Statement   
   >> Microsoft Corporation, One Microsoft Way, Redmond, WA 98052"   
   >>   
   >> I received the above message today.  How could a passkey be added to   
   >> this account?  As far as I know I do not use passkeys.  If I had one   
   >> I assume it would be stored in the TPM or something.  So is this even   
   >> possible for somebody to do with out access to the computer?  I think   
   >> this is a phlish but in looking at the properties and the full   
   >> message text I did see anything that showed me it came from Russia or   
   >> some place.  I do not want to click on "Review recent activity".   
   >>   
   >> Anyway I can track this down?   
   >   
   > Forget this.  I went into my account directly through Microsoft.  My account   
   > is setup through Hotmail but the account that is referenced is where I have   
   > the login code emailed to.  So I have no account with Microsoft through the   
   > referenced email br*w@gci.net.  And of course by looking at the properties   
   > of my posted emails you can get bradshaw@gci.net.   
   >   
      
   The details of the content can be legit or can be a phish.   
      
   I guess in your case this was a phish.   
      
   Going directly to the site at Microsoft, and looking for the   
   recent activity, would tell you whether or not access had   
   actually happened. Suggesting a passkey (FIDO key) had been   
   added is pretty cheeky, while hacking your account and   
   changing the phone number is more realistic if changing the   
   details. They could change items one at a time, over   
   a period of time.   
      
   The MSA has a different password than the email account uses.   
   Both passwords should be the long and strong type, so that   
   brute force or dictionary searches don't work against it.   
   The password could contain upper/lower case, numbers, punctuation.   
      
   By putting your email in USENET posts, I suppose someone   
   would try this. That could be why you were phished. Too bad   
   you don't use that account for any Windows MSA purpose... :-)   
      
      Paul   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)