Since the middle of last month, I have started recieving multiple microsoft password reset e-mails a day, sent to my secondary e-mail address, regarding my primary e-mail address.
These e-mails have no phishing-like links in. I believe them to be a legiitimate password reset e-mails. Which means someone is repeatedly trying to reset my password.
There appear to be no (recognizable) attempts to break into my secondary e-mail account.
Both accounts have 2FA enabled, and have randomly generated 30+ character passwords generated by and stored in a password manager. The primary account has enforced 72-day password changes enabled.
1.) Is it likely the attacks are just trying to guess the 7 digit security code each time. Or is something more sinsiter likely going on?
2.) In cases like this, is it any way to say that, no, I did NOT request such a reset. (Note: I’m wary that it is possible that only someone working at Microsoft might be able to answer this. If this IS the case, please ignore this part of the question)