Is that Microsoft account security email a scam?
Microsoft account phishing is one of the most common corporate and consumer email attacks. Variants include: 'Unusual sign-in activity detected on your account' requiring you to verify your identity; 'Your OneDrive storage is full' with a link to manage files; 'Your Microsoft 365 subscription has been suspended'; and 'A new device signed in' security alerts.
These are particularly effective in workplace environments, where employees receive real Microsoft security notifications regularly and are conditioned to act on them. A successful attack on a business Microsoft account can give scammers access to email (enabling BEC fraud), SharePoint files, Teams conversations, and linked services.
The fake login page is typically a very close replica of the real Microsoft sign-in page. After entering credentials, victims are often seamlessly redirected to the real Microsoft site to avoid detection.
Red flags to watch for
- The sender address isn't @microsoft.com or a verified Microsoft domain; watch for lookalikes such as account-security@microsofts.com or noreply@microsoft-support.net.
- The link destination doesn't go to microsoft.com or login.microsoftonline.com.
- You're asked to re-enter your password or complete a 'verification' outside of Microsoft's standard sign-in flow.
- A phone number is provided to 'call Microsoft Support'; this is a tech support scam component.
- The alert is for an action you didn't take (new device, new sign-in from an unexpected country).
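The first two red flags (sender domain and link destination) are the ones that can be checked mechanically, and they are where lookalike domains do their work. The script below is an added example, not code from this page or from Microsoft: it parses the From header, pulls every link out of an HTML body, and flags any host that is not under the two Microsoft domains the page names (microsoft.com and login.microsoftonline.com), marking hosts that merely contain the word "microsoft" as lookalikes. The allowlist, the heuristic, and the sample message are assumptions constructed for illustration; a real mail filter would carry a fuller list of Microsoft's sending domains.

```python
"""Flag sender addresses and link targets that do not fall under the
Microsoft domains named on the page. Example code, not from the page."""
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: allowlist built only from the domains the page names.
# A production filter would extend this with Microsoft's other sending domains.
TRUSTED_DOMAINS = {"microsoft.com", "microsoftonline.com"}


def is_trusted_host(host):
    """True only if host IS a trusted domain or a proper subdomain of one.
    The leading dot matters: 'notmicrosoft.com' must not match 'microsoft.com'."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def looks_like_microsoft(host):
    """Lookalike heuristic: the host mentions 'microsoft' but is not trusted.
    Catches microsofts.com, microsoft-support.net and 'login.microsoftonline.com.'
    used as a subdomain prefix of some other registrable domain."""
    return "microsoft" in host.lower() and not is_trusted_host(host)


def classify(host):
    if looks_like_microsoft(host):
        return "lookalike of a Microsoft domain"
    return "not a Microsoft domain"


class LinkExtractor(HTMLParser):
    """Collect href values of <a> tags from an HTML mail body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def check_sender(from_header):
    """Return a finding tuple for an untrusted sender, or None if trusted."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2]
    if not domain:
        return ("sender", from_header, "no parsable address")
    if is_trusted_host(domain):
        return None
    return ("sender", addr, classify(domain))


def check_links(html_body):
    """Return one finding per link whose host is not under a trusted domain."""
    parser = LinkExtractor()
    parser.feed(html_body)
    findings = []
    for href in parser.hrefs:
        host = urlparse(href).hostname or ""
        if not host:
            continue  # mailto:, anchors and relative links carry no host
        if not is_trusted_host(host):
            findings.append(("link", href, classify(host)))
    return findings


def analyse(from_header, html_body):
    findings = []
    sender_finding = check_sender(from_header)
    if sender_finding:
        findings.append(sender_finding)
    findings.extend(check_links(html_body))
    return findings


# Constructed sample mimicking the 'Unusual sign-in activity' lure described above.
# The first link hides a trusted name inside a subdomain of an unrelated domain.
SAMPLE_FROM = "Microsoft account team <account-security@microsofts.com>"
SAMPLE_BODY = """<p>Unusual sign-in activity detected on your account.</p>
<a href="https://login.microsoftonline.com.verify-account.example/">Review activity</a>
<a href="https://account.microsoft.com/security">Security settings</a>"""

if __name__ == "__main__":
    for kind, value, reason in analyse(SAMPLE_FROM, SAMPLE_BODY):
        print(f"[{kind}] {value}: {reason}")
```

The subdomain-prefix case in the sample is the one the "check the URL very carefully" advice is aimed at: the browser's address bar starts with login.microsoftonline.com, but the registrable domain is something else entirely. Matching on the suffix with a leading dot, rather than on whether the trusted name appears anywhere in the host, is what makes the check robust to that trick.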
What to do
1. Go to account.microsoft.com directly to check your account security and sign-in activity; do not use the email link.
2. Real Microsoft security emails link to microsoft.com and login.microsoftonline.com; check the URL very carefully before entering anything.
3. If you entered credentials: change your Microsoft password immediately, check and revoke any unfamiliar app permissions under account.microsoft.com/security, and enable multi-factor authentication.
4. In a workplace context, report to your IT security team immediately; a compromised Microsoft 365 account can affect the whole organisation.
Where to report (by country)
United States
United Kingdom
- Action Fraud
- Police Scotland: call 101
Australia
Canada
Everywhere else
- Contact your local police and your bank immediately
- If money was sent, ask your bank about a recall request; act within hours
Common questions
The email shows my actual username. Doesn't that prove it's from Microsoft?
No. Your Microsoft account email address is likely in numerous breach databases and known to many scammers. Displaying your username does not indicate access to your account; it's a simple personalisation trick.
How do I enable multi-factor authentication on my Microsoft account?
Go to account.microsoft.com, sign in, and navigate to Security → Advanced security options → Two-step verification. Use an authenticator app (Microsoft Authenticator, Google Authenticator) rather than SMS where possible.