• Guest, The rules for the P & N subforum have been updated to prohibit "ad hominem" or personal attacks against other posters. See the full details in the post "Politics and News Rules & Guidelines."

This looks legit from Microsoft?

Craig234

Lifer
May 1, 2006
37,997
245
106
I previously mentioned getting a lot of 'someone tried to log into your account' messages from all over the world, that appear to be legitimate; today, I got a new one.


Microsoft account team <account-security-noreply@accountprotection.microsoft.com>
Sun 2/16/2020 2:11 AM
  • You


Microsoft account
Security info replacement
Someone started a process to replace all of the security info for the Microsoft account...
If this was you, click the button below to bypass the waiting period by using your existing security info.
If this wasn't you, someone else might be trying to take over ... Click here and we'll help you protect this account.
If you don't recognize the Microsoft account ... you can click here to remove your email address from that account.
Thanks,
The Microsoft account team



When I click on the 'click here', it wants me to enter my password. I haven't yet, but it looks legitimate... just thought I'd run this by the forum. The text seems to suggest it will allow someone to 'replace all the security info' after a waiting period??
 
  • Haha
Reactions: killster1

sandorski

No Lifer
Oct 10, 1999
66,608
2,263
126
I got a phone call recently saying my Social Insurance Number(CDN equivalent of a Social Security Number)was being suspended due to suspicious activity. I hung up and went on with my life.
 
  • Like
Reactions: jameny5

pcgeek11

Lifer
Jun 12, 2005
16,130
1,341
126
Any link in an e-mail that asked for your password or security information should be ignored. PERIOD.

If you give it out you will get what you asked for.

Go to your account and change the password and security information on your own. Better yet use dual authentication if available.
 

balloonshark

Diamond Member
Jun 5, 2008
4,143
604
126
I agree with pcgeek. Never ever click on an email link requesting personal or account information. Always go directly to the source and log in then check everything out. The same goes for phone calls.
 

Craig234

Lifer
May 1, 2006
37,997
245
106
Some e-mails are legit. My credit cards can send e-mails saying 'to see your statement, click here' leading to a login. Usually the links (you see when you mouse over) are the giveaway, they don't even try usually. You see that in the article daveybrat posted.

The link in this e-mail goes to "https://account.live.com/Proofs/Manage?mkt=EN-US", which looks legitimate. Any better info than just general 'be careful, don't trust links'?
 

Craig234

Lifer
May 1, 2006
37,997
245
106
Since daveybrat posted specifically about it, here's one of the many recent 'unusual sign-in' e-mails.

Microsoft account team <account-security-noreply@accountprotection.microsoft.com>
Fri 2/14/2020 4:39 PM
  • You


Microsoft account
Verify your account
We detected something unusual about a recent sign-in for the Microsoft account ... For example, you might be signing in from a new location, device, or app.
To help keep you safe, we've blocked access to your inbox, contacts list, and calendar for that sign-in. Please review your recent activity and we'll help you secure your account. To regain access, you'll need to confirm that the recent activity was yours.
Thanks,
The Microsoft account team


Unlike the link in his article, the link in this e-mail goes to "account.microsoft.com/activity", so it looks legit.
 

VirtualLarry

Lifer
Aug 25, 2001
46,945
4,589
126
You do realize that those links that they show in the browser when you hover over, can be faked by JavaScript, right?
 

balloonshark

Diamond Member
Jun 5, 2008
4,143
604
126
When I get legit emails of tracking info from Amazon I always go directly to Amazon and sign in and find the tracking info myself or I sign in and then click on the link in the email just in case it's fake. I'll say it again. Never click on a link in an email and log in and/or give out personal or financial information. I also do the same with deal links posted here and on slickdeals.
 

Craig234

Lifer
May 1, 2006
37,997
245
106
You do realize that those links that they show in the browser when you hover over, can be faked by JavaScript, right?
Hadn't seen that. Guess they aren't very good usually. Wonder if hitting 'reply' and seeing who it goes to is a good test - or anything else.
 

pcgeek11

Lifer
Jun 12, 2005
16,130
1,341
126
Some e-mails are legit. My credit cards can send e-mails saying 'to see your statement, click here' leading to a login. Usually the links (you see when you mouse over) are the giveaway, they don't even try usually. You see that in the article daveybrat posted.

The link in this e-mail goes to "https://account.live.com/Proofs/Manage?mkt=EN-US", which looks legitimate. Any better info than just general 'be careful, don't trust links'?

We are trying to give you sound advice. Don't click on a link and give out your information.
Go to your Microsoft Account by manually entering the information instead of clicking the link in the email.

Don't answer either. They may be just fishing to see if you are a valid e-mail address...

Ignore it and delete it.
 
  • Like
Reactions: VirtualLarry

Craig234

Lifer
May 1, 2006
37,997
245
106
Assuming these are phishing; it's good to try to find more, better ways to tell which are real, though.
 
Last edited:

pcgeek11

Lifer
Jun 12, 2005
16,130
1,341
126
Assuming these are phishing; it's good to try to find more, better ways to tell which are real, though.

Well I guess you could just click on all the links etc and find out for sure.

Make sure you post up the results when you get your PC recovered from the infection.

:p
 

balloonshark

Diamond Member
Jun 5, 2008
4,143
604
126
If it something security related and really looks legit and you can't find anything when you go directly to the site you can always contact the company directly to find out if they sent you an email. It's better to be safe than sorry.
 
  • Like
Reactions: corkyg

Craig234

Lifer
May 1, 2006
37,997
245
106
If it something security related and really looks legit and you can't find anything when you go directly to the site you can always contact the company directly to find out if they sent you an email. It's better to be safe than sorry.
Yup. But trying to get a response from Microsoft... ugh.
 

balloonshark

Diamond Member
Jun 5, 2008
4,143
604
126
Yup. But trying to get a response from Microsoft... ugh.
I've had really good luck with contacting them about my Microsoft Rewards issues. Of course your issue is security related so it might be a little more complicated so YMMV.
 

balloonshark

Diamond Member
Jun 5, 2008
4,143
604
126
Just got a scary email from "Apple" with the title "Your Apple was disabled." from Αρplе Support <no-reply-msgmgczscg5fff9zz55 at dpkmppi.service.xpze4lhlinyh.mnyrz>

Dear xxx at email.com,

Your account Apple ID has been access from another devices.
For security reason we have locked your account.
Please verify your Apple ID account within 24 hours, If no verification is performed we will delete your account completely.
Click verification button below to verify your account.

(Then there is a verification button and when I hover over it the url is https://www dot linkedin dot com/slink?code=eu8bnNJ?auth_id=5zwGBmNj659O)​

Best Regards,
Apple support

Apple ID | Support | Privacy Policy (none of these are working links)
< support at apple.com>​

This email had a ton of red flags. No way I would click that verification link and enter my credentials. The email was from a shady address with a ton of random letters and numbers, it is wrote with broken English. The verification link goes to linkedin.com and none of the links at the end are actual working links. This is why it's best practice to go directly to apple.com and log in to see if there is an issue. If so you can connect apple directly from their site.

P.S. I modified the email and urls so they don't work.
 

ASK THE COMMUNITY