A few weeks back I got a message saying that someone may have accessed my Microsoft account and there are a bunch of steps I must take to secure it. It said the following:
‘We Think That Someone Else Might Have Accessed The Microsoft Account’
My first thought was, has someone accessed my email? Is this a legit Microsoft account security alert email? I did some research and found that hackers have been using this strategy to get people to share their password credentials.
I checked the email thoroughly and found that it was indeed a spam email.
So, how did I know that?
That’s exactly what I am going to share in this article, so you can determine the authenticity of such Hotmail emails.
Do Not Click Links In Emails or Texts In Case Of Phishing
The ground rule is to never click any links in email or text messages.
Though Microsoft does send emails to let you know of possible security issues in your account, they NEVER ask for your password or any other Personally-Identifiable Information (PII).
Many hackers imitate these alerts to appear legitimate and send you an email that sounds exactly like one from Microsoft. However, these messages will contain links and you will be prompted to click them.
When you do so, the hackers can either get sensitive information from you that can be used later to trick you, or they can download malware or ransomware to infect your system.
To avoid these security pitfalls, never click any link unless you are completely sure that it is from Microsoft.
Is The Email From @accountprotection.microsoft.com?
One thing you must check is the sender’s email address. Is it from the accountprotection.microsoft.com domain?
If yes, open the email and follow the instructions. Double-check this email address for possible misspellings, as this is how hackers trick you!
This is the only legitimate sender domain, and a message from any other address must be deleted right away!
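The sender check described above can be scripted. The following Python code is an added example, not part of the original article or any Microsoft tool: it compares the From domain with accountprotection.microsoft.com, flags misspelled or padded lookalikes, and, because a From header on its own can be forged, also looks for dmarc=pass in the Authentication-Results header. The sample messages, the noreply local part and the example.net/example.org hosts are constructed, and the DMARC check assumes that header was written by your own mail provider.

```python
from email import message_from_string, policy
from email.utils import parseaddr
EXPECTED = "accountprotection.microsoft.com"  # sender domain named in the article

def sender_domain(msg):
    """Domain of the From address; the display name is ignored."""
    _, addr = parseaddr(str(msg.get("From", "")))
    return addr.rpartition("@")[2].lower().rstrip(".")

def edit_distance(a, b):
    """Levenshtein distance, to catch one- or two-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def dmarc_passed(msg):
    """Assumption: Authentication-Results was written by your own mail provider."""
    results = " ".join(str(v) for v in msg.get_all("Authentication-Results", []))
    return "dmarc=pass" in results.lower()

def classify(raw):
    msg = message_from_string(raw, policy=policy.default)
    domain = sender_domain(msg)
    if domain == EXPECTED:
        return "match" if dmarc_passed(msg) else "match-unauthenticated"
    if EXPECTED in domain or edit_distance(domain, EXPECTED) <= 2:
        return "lookalike"
    return "other"

def sample(from_header, auth=""):
    """Build a constructed test message (not a real Microsoft email)."""
    auth_line = f"Authentication-Results: {auth}\n" if auth else ""
    return f"From: {from_header}\n{auth_line}Subject: Security alert\n\nConstructed body.\n"

SAMPLES = {
    "exact": sample("Microsoft <noreply@accountprotection.microsoft.com>",
                    "mx.example.net; dmarc=pass header.from=accountprotection.microsoft.com"),
    "forged": sample("Microsoft <noreply@accountprotection.microsoft.com>"),
    "misspelled": sample("Microsoft <noreply@acountprotection.microsoft.com>"),
    "suffix": sample("Microsoft <noreply@accountprotection.microsoft.com.example.net>"),
    "display": sample('"accountprotection.microsoft.com" <alerts@mail.example.org>'),
}

if __name__ == "__main__":
    print({name: classify(raw) for name, raw in SAMPLES.items()})
```

A "match-unauthenticated" result means the address looks right but nothing in the headers confirms it, so treat it like any other unverified message.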
Contact Hotmail (Microsoft) In Private To Double-Check
Another option is to send a message or contact the support team of Microsoft privately to double-check if the emails are from the Microsoft security team.
Make sure to use a different email account or the Microsoft customer contact form to reach out privately, just in case your email is compromised.
Check Recent Activity Page
You can also check the recent activity page to see if there are sign-ins from new locations that you have not visited during that time.
Go to https://account.microsoft.com/security/ and select “View sign-in activity”. Look at the activities in the last 30 days for any suspicious access.
Note: You could also consider setting up Google Authenticator as an additional form of security. Check out our guide: ‘How to set up Google authenticator for Hotmail.’
Spotting A Phishing Email: Tips
Here are some tips that can help you spot phishing emails easily.
- Any email that offers a reward is a phishing email. Remember, anything that sounds too good to be true is fake because there’s nothing called a free lunch in this world!
- Anything that asks you to enter your username, password, or any other PII is a phishing email.
- An order or an invoice for a purchase that you never made.
- Stay away from anything that appears suspicious.
Is Microsoft Account Security Alert Legitimate?
For the most part, yes! Still, you can never rule out the possibility that it is a phishing email and this is why there are other ways to verify the authenticity of this email.
Where Do I Report Microsoft Phishing Emails?
If you suspect that you’ve received a phishing email, click Junk > Phishing > Report, located just above the reading pane.
However, note that you are only flagging an email as a suspicious one and not blocking the sender from sending similar emails in the future. If you don’t want to receive emails from that email ID, you have to block the sender.
You can also go to https://www.microsoft.com/reportascam and report a phishing scam, especially if you get repeated emails from the same sender.