Hey folks, I just received an email that appears to be from the Microsoft account team ([email protected]). It claims that someone may have accessed my Microsoft account associated with my Gmail (ad**[email protected]). They advised me to verify my identity with a security challenge and change my password when I log in next. I'm puzzled for a few reasons: I don't use that Gmail address for any Microsoft services, and while the sender's address looks valid, I'm concerned it could be faked. There's also a 'Recover account' button in the email, but I'm hesitant to click it, fearing it might be a phishing attempt. Is this a common phishing scam, or could someone have linked my Gmail to a Microsoft account without me knowing? Should I ignore it, or is there a safe way to check this without clicking any links? Any advice would be much appreciated!
6 Answers
I suggest not clicking on anything in that email. Instead, check your Microsoft account directly by navigating to the website yourself. Look for any suspicious activity or unauthorized devices linked to your account. Also, make sure you have two-factor authentication with an app like Google Authenticator rather than SMS for better security. You might even consider upgrading to security tokens like Google Titan or YubiKey for added safety. It's worth the investment!
Go directly to account.microsoft.com in your browser, log in, change your password, and enable two-factor authentication if you haven't already. There's also an option to sign out of all sessions somewhere on the site. By visiting that website directly, you're steering clear of potentially harmful links!
Thanks! I went straight to the official site, and it took me through the same process as the email. It seems legit!
The safest move is definitely to avoid clicking links in such emails. Just go to your Microsoft account directly and change your password from there. I recommend using a reputable password manager like Bitwarden or KeePassXC to create and store complex passwords—this way, you're boosting your security.
Have you tried logging into the Microsoft account with that Gmail address? If you can see login activity, that might clarify things. But be cautious if it asks you to reset your password; it could be an indicator of an issue.
I attempted to log in and it prompted me to reset my password. Still confused about how my Gmail could be linked to Microsoft.
This looks very much like a phishing attempt. I'd say delete the email and change your password for that account just to be safe.
From what I know, Microsoft usually doesn't use subdomains like that for their emails, so it might be worth looking at the mail headers for further verification.

When I clicked a similar link before, it warned me my account was at risk and asked for my Gmail to send a 6-digit code. Just be cautious with any links!
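
The header check suggested in the last answer can be scripted against the raw message source ("Show original" in Gmail). This is an added example, not part of the original thread: the two sample messages and their example.com domains are constructed, and the function name `check_headers` is hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not the email discussed in this thread).
SPOOFED = """\
Authentication-Results: mx.receiver.example; spf=fail smtp.mailfrom=bulk.sender.example;
 dkim=none; dmarc=fail header.from=account.example.com
From: Account team <security@account.example.com>
Subject: Unusual sign-in activity

body
"""
GENUINE = """\
Authentication-Results: mx.receiver.example; spf=pass smtp.mailfrom=account.example.com;
 dkim=pass header.d=example.com; dmarc=pass header.from=account.example.com
From: Account team <security@account.example.com>
Subject: Unusual sign-in activity

body
"""

def check_headers(raw):
    """Summarise SPF/DKIM/DMARC verdicts recorded by the receiving mail server."""
    msg = message_from_string(raw)
    # The display name is free text; only the address part matters.
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Use only the topmost Authentication-Results header: it is the one your
    # own provider adds. Copies further down may have been supplied by the sender.
    top = (msg.get_all("Authentication-Results") or [""])[0]
    ar = " ".join(top.split())  # undo header folding
    result = {"from_domain": from_domain}
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", ar)
        result[mech] = m.group(1).lower() if m else "missing"
    d = re.search(r"\bheader\.d=([\w.-]+)", ar)
    dkim_domain = d.group(1).lower() if d else ""
    # Simplified alignment test: From domain equals, or is a subdomain of,
    # the DKIM signing domain.
    result["dkim_aligned"] = bool(dkim_domain) and (
        from_domain == dkim_domain or from_domain.endswith("." + dkim_domain))
    # DMARC pass means the visible From domain was authenticated.
    result["authenticated"] = result["dmarc"] == "pass"
    return result

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, check_headers(raw))
```

A passing result only shows that the mail really came from `from_domain`; you still have to confirm that domain is one the service actually uses, since a lookalike domain can pass all three checks.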