Hackers never sleep. They’re always looking for new ways to infect your computer with malware or steal your data (phishing). Did you know that hackers impersonate Microsoft more often than any other company? That makes perfect sense if you think about it since over 1.3 billion devices are running Windows worldwide. This means there’s a huge pool of potential victims.
Microsoft scam emails are actually more common than you may think. This guide will show you how to spot fake Microsoft emails and report them as quickly as possible.
Are There Fake Microsoft Emails?
Hackers and scammers often impersonate Microsoft by sending out fake emails asking users to install the latest updates, confirm their account details, or contact support. Don’t let these emails catch you off guard. Don’t click on any links, and don’t enter your login credentials or personal information.
How Can I Tell If an Email from Microsoft Is Genuine?
Sometimes, Microsoft-labeled email scams are so well crafted that it’s hard to distinguish between a genuine email and a fake message. The sender’s name and email content may seem related to Microsoft, but many red flags will start to pop up if you take a closer look.
Here’s how you can quickly spot fake Microsoft emails:
- Check the sender’s address. Fake emails often have intricate email domains, such as @account.microsoft.com, @updates.microsoft.com, @communications.microsoft. Mismatched emails domains indicate someone’s trying to impersonate Microsoft.
- Check the safety of web addresses. If you’re prompted to visit a specific webpage, make sure it’s safe to do that. There are plenty of tools that you can use to check if a webpage is safe, such as Trend Micro Check, Sucuri SiteCheck, and so on.
- Threats or urgent calls to action are major red flags. If the message you received sounds like a threat or informs you that your account will be closed unless you do what you’re told, that’s a major red flag. For instance, cyber-criminals often prompt you to upgrade your Outlook version and threaten you that incoming emails will be stopped if you don’t install the updates within 48 hours. If the tone is rather aggressive, that’s probably a scam or phishing attempt. Creating a fake sense of urgency is a common scam strategy.
- Beware of generic messages. Generic greetings and messages are major warning signs. If the email starts with “Dear Sir or Madam,” this indicates there’s something fishy there.
- Grammar and spelling errors. Beware of emails that contain grammar and spelling errors. Microsoft would never send such emails to users.
Does Microsoft Contact You by Email?
Microsoft doesn’t contact you by email to request additional account details or provide technical support. The company doesn’t initiate communication. Any communication with Microsoft has to be initiated by users.
Does Microsoft Send Emails About Updates?
Microsoft doesn’t send emails about updates. Don’t trust Microsoft-labeled emails that prompt you to install the latest app updates. Most likely, these are phishing attempts. Simply ignore them, don’t click or download anything.
How Do I Report a Suspicious Email to Microsoft?
To report a suspicious email to Microsoft, select the message, click on Report message, and select Phishing. If you’re using the web version of Outlook, tick the checkbox next to the respective email, select Junk, and then Phishing.
Alternatively, you can compose a new email and add firstname.lastname@example.org or email@example.com as the recipients. Then, drag and drop the suspicious email into the new message.
Use Microsoft’s technical support scam reporting tool to report tech support scams. Also, don’t forget to add the sender’s address to your Blocked list.
Cyber-criminals often send out fake Microsoft emails in an attempt to infect your devices with malware or steal your data. These Microsoft email scams often have a sense of urgency and contain quick calls to action. Always report suspicious emails to Microsoft to help the company update its cyber-threat database.
Have you ever received fake Microsoft emails? Did you report them to Microsoft? Tell us more about your experience in the comments below.
I keep getting e-mails talking about viruses being detected on my computer and about MS subscriptions of $300 or more being charged to my account. It says I have 48 hrs to cancel or it will be renewed. When I call the number on the e-mail, it’s always answered by someone of Asian decent and he ask me to log into the computer in order to cancel the subscription. Since I don’t trust it, I usually hang up in fear that it’s just a scam to hack or steal information off the computer. Also the number that I called is different from that they keep calling me back from.
Grant Naismith says
I received the same email as Karen Humbert saying my account was accessed by someone in Moscow , Russia and also giving the IP address and asking me to report if it wasn’t me by clicking on a box. I didn’t click but reported it as a probable scam.
Further research led me to Karen’s post and I’m now sure it was a scam.
Adam chambers says
Hi i received the same email as sandra staub on the 12 nov 2022 about disabling tls 1.0/1.1 for pop3 and map4 on the 10 dec 2022 and won’t to know if it was genuine thanks
Sandra Staub says
I received this November 11,2022. Is this real?
Disabling TLS 1.0/1.1 for POP3 and IMAP4 on December 10, 2022
Starting on December 10, 2022, Office 365 will begin retiring Transport Layer Security (TLS) 1.0 and 1.1 for POP3 and IMAP4. TLS is a standard protocol used to provide secure web communications for POP3 and IMAP4. POP3 and IMAP4 are the client/server protocols for receiving emails. We will enforce TLS 1.2 moving forward to provide enhanced encryption and help ensure your emails are received more securely. We have already disabled TLS 1.0 and 1.1 for most Microsoft 365 services in the worldwide environment.
When this will happen
December 10, 2022
What do I need to do?
Our records show that your email account has recently been accessed with POP3/IMAP4 through TLS 1.0 or 1.1.
POP3 and IMAP4 will not be able to connect with TLS 1.0 and 1.1 starting on December 10, 2022. You will not be able to receive emails with POP3/IMAP4 protocol after that. To continue accessing your email account using POP3 or IMAP4, please upgrade/update your client to support TLS 1.2. Your emails will not be removed, but you cannot access them without upgrading your client. You can find out technical details on how to upgrade in this article: Disabling TLS 1.0 and 1.1 for Microsoft 365 – Microsoft Purview (compliance) | Microsoft Docs
What if I cannot update/upgrade?
If you cannot update/upgrade your legacy client, we provide an opt-in endpoint for you to continue connecting with TLS 1.0/1.1. Your legacy clients must be configured to pop-legacy.office365.com for POP3 and imap-legacy.office365.com for IMAP4. Using legacy versions of TLS is not as secure as TLS 1.2, however, so we recommend you update and use TLS 1.2.
Jamie Everett says
I recvd an email with a pin code saying someone requested the pin and if it was not me to report.. I got so many suspicious emails that I am weary of replying and sending an email back. I am running MacAfee total protection if that even means anything. What is your advice? Fantacy3@msn.com
Pamela Brey says
I received an email stating that my IP address has been blocked by Microsoft due to accessing child pornography.
This, of course, is false. This should be investigated.
How do I forward this email to Microsoft? I am using Microsoft Edge and I have a Microsoft account but my email is through my internet provider.
I have received an email to say I need to change my password as someone has tried to access my account. I am 71 and don’t know how to deal with this. It has stopped my emails coming through, could you please help me. Thank you
Elizabeth Cook says
Keep getting Emails asking me to update my verification and password
Tina Crossman says
I clicked on the it is not me report user in an email that said it was from MS. Now I am seeing that it could be a scammer. What do I need to do? I check my emails on my cell phone so it’s not on my computer or laptop. But I do have my banking apps on my phone but not signed into them.
Karen Humbert says
I received an email supposedly from MS saying my account was accessed by someone in Russia yesterday. It showed the IP address and location and there was a link on the email asking for me to report “it isn’t me” I did so then changed my password just as an added precaution. is this a legitimate email? Do you let us know if someone tried to access our accounts?