Microsoft Account Security Alert

The Microsoft Security Alert Tech Support Scam is a web browser based scam that tries to trick you into calling a remote support number. This alert states that a virus has been detected on your computer and that your passwords, browser history, and credit card information will be compromised unless you call a remote support number for help. As this is a scam, you should not call the listed phone number.

When the Microsoft Security Alert Tech Support Scam is displayed in your browser, it shows an alert containing text similar to the following:

Microsoft Security Alert !

Call Windows Help Desk Immediately at +1-844-400-9542

The following data will be compromised if you continue:
1. Passwords
2. Browser History
3. Credit Card Information

This virus is well known for complete identity and credit card theft. Further action through this computer or any computer on the network will reveal private information and involve serious risks.

Call Windows Help Desk Immediately at +1-844-400-9542


Once again, this is just a fake alert: the page does not know if you have a virus, does not know what is running on your computer, and is just trying to trick you into calling the phone number. At the same time, these messages can be quite alarming to those who have never seen one, as these scams make it difficult to close browser tabs or the browser itself.

Thankfully, almost all browser based tech support scams can be closed by simply opening Windows Task Manager and ending the browser process. It is important, though, that after ending the browser process you do not reopen previously closed sites if the browser prompts you to when you start it again.

On the other hand, if you are constantly seeing these types of tech support scams, or these pages are opening by themselves, then you may be infected with adware or another unwanted program that is displaying them. Once again, do not worry, as it is quite easy to remove these infections if you follow the guide below.

Why am I Seeing the Microsoft Security Alert Tech Support Scam?

The Microsoft Security Alert Tech Support Scam is shown through advertisements that redirect you to sites that display this scam. These advertisements can be displayed by installed adware programs or through less than reputable sites that are displaying them to generate advertising revenue.

For the most part, if you see a browser based tech support scam, then you can simply close the browser and start it again. On the other hand, if you are continuously seeing scams with alerts like 'Microsoft Security Alert', then you should scan your computer for adware and remove anything that is found.

I have been getting emails from 'account-security-noreply@accountprotection.microsoft.com' (as verified in metadata) about unusual activity. The internet has very conflicting information about if these emails are legitimate or not. Microsoft's own website says this is their legitimate sender address for account activity alerts.

A legitimate email message should originate from the Microsoft account team at account-security-noreply@accountprotection.microsoft.com.

But here, the Georgia College help desk lists this exact email, from that exact sender address, as a phishing attempt.

Many people at GC are receiving one of the more popular phishing scam emails. It appears to be from Microsoft, a “Security Alert” wanting you to revalidate your account. Know that this is not from Microsoft. It’s a very elaborate phish. Do not click on any link in this email. Please delete it. If you did click on the email, please reset your Unify password (and subsequent email password) at password.gcsu.edu.

From: Microsoft account team account-security-noreply@accountprotection.microsoft.com

Sent: Monday, April 3, 2017 3:36 AM

Subject: Microsoft account security alert

Other places online have similarly conflicting info. Some places list these emails as scams, but the example screenshot has a different sender address that is missing the 'microsoft.com' from the domain, which looks more fake.

So which is it? Are those emails from exactly 'account-security-noreply@accountprotection.microsoft.com' fake, or not?

WakeDemons3

2 Answers

You can not trust that a sender address is correct. They are trivially easy to fake.

The SMTP (email) protocol allows the creator of an email to state any sender address they want. There is no validation that the sender actually controls that address. And even if the receiving mailserver does some form of sender validation, like checking if the IP address of the sender matches the domain they claim to be from, there are also some quirks in the UI of many email readers which can be exploited to display a (fake) email address as the name of the sender.

When you receive some email which claims that you need to do something on some account on some website, and this appears to be plausible (you actually have an account on that site), then take a good look at the URL the link leads to. The domain name says who controls that link. The domain name is the thing which comes before the first slash.

These URLs all lead to Microsoft:

The following URLs are examples which do not lead to Microsoft. They all lead to domains which might be controlled by someone else:

The last one is an example of a rarely used URL format which includes a username and a password (which are in this case both microsoft.com). The actual URL being requested is after the @ symbol.

If you decided that the link is probably fine, you click on it and get led to a login form which looks trustworthy at first glance and did apparently not yet install any malware using drive-by download, then you should also check if the site is loaded over HTTPS (any reputable site will use https-only on their login form) and check if the certificate is actually signed for the company the site claims to be.

Some guides for detecting phishing attempts say that you should look for signs like broken images or non-functional links. I consider this bad advice, because it is based on the prejudice that all phishers are shoddy webmasters. The scene got a lot more professional in the past years. You should focus your attention on those things they can not fake with sufficient effort.

Philipp
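The two sender-side points in the answer above (the stated sender address proves nothing, and a display name can itself be made to look like an address) can be checked mechanically. This is an added example, not code from the answer: it reads a constructed message, compares the address shown in the display name with the real one, and reports the SPF/DKIM/DMARC verdicts from an `Authentication-Results` header; the header contents and the example.org / example.net names are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real capture); example.org / example.net are reserved names.
# The display name imitates the Microsoft address; the real sender is in angle brackets.
SAMPLE = (
    "Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=mailer.example.org;"
    " dkim=none; dmarc=fail header.from=mailer.example.org\n"
    'From: "account-security-noreply@accountprotection.microsoft.com"'
    " <alerts@mailer.example.org>\n"
    "Subject: Microsoft account security alert\n"
    "\n"
    "Please review your recent activity.\n"
)
ADDRESS = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def analyze_sender(raw):
    """Return (real sender domain, auth verdicts, list of findings)."""
    msg = message_from_string(raw)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    findings = []
    # Many mail clients show only the display name, so an address placed there
    # can hide the real sender.
    shown = ADDRESS.search(display)
    if shown and shown.group(1).lower() != domain:
        findings.append(f"display name shows {shown.group(1).lower()}, sender is {domain}")
    # Verdicts recorded by the receiving server. Only trust the header your own
    # mail server added; a sender can include a forged one of its own.
    verdicts = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)",
                               msg.get("Authentication-Results", "")))
    for check in ("spf", "dkim", "dmarc"):
        if verdicts.get(check) != "pass":
            findings.append(f"{check}={verdicts.get(check, 'missing')}")
    return domain, verdicts, findings
```

An empty findings list only means these checks found nothing; it says nothing about where the links in the body lead.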

The sender on the email should not be used to determine if an email is legitimate; it can only be used to determine when the email is not. An email claiming to be from PayPal and coming from a gmail.com address is obviously fake. An email claiming to come from Microsoft sent from a microsoft.com address could or could not be real.

How to tell the difference? The body of the email.

If the email contains links that point to any service not linked to Microsoft, or shortened links, or links with IP addresses, the email is a phishing attempt.

If the email contains writing errors, usually it is false. If the email is about any service you haven't signed up for, it's fake too.

Usually, legitimate emails that contain links will have something along the lines of 'copy this link and paste into your browser'. If the email contains this line and the link text points to a Microsoft service and the underlined link points exactly to the same address, usually the email is real.

If the email is telling you about something wrong on your account, log in on your account and check, without clicking on the link in the email. Type the address by hand. If there's something wrong, you will see it on the site.

ThoriumBR
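The link checks both answers describe (read the domain before the first slash, distrust a `user:password@` prefix, IP-address hosts, and link text that differs from the real target) are shown here as an added Python example, not code from either answer. The `TRUSTED` list, the flag names and the sample HTML are assumptions made for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("microsoft.com",)  # assumption: domains you expect this sender to link to
# Constructed sample body; example.test and 192.0.2.10 are reserved for documentation.
SAMPLE = """<a href="https://account.microsoft.com/security">https://account.microsoft.com/security</a>
<a href="https://microsoft.com:microsoft.com@login.example.test/">https://account.microsoft.com/</a>
<a href="http://192.0.2.10/verify">Review activity</a>"""

def host_of(url):
    # The host really contacted: after any user:password@ and before the first slash.
    return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()

def is_ip(host):
    try:
        return ipaddress.ip_address(host) is not None
    except ValueError:
        return False

def check_link(href, text=""):
    host, shown = host_of(href), text.strip().lower()
    checks = [
        ("userinfo", urlsplit(href).username is not None),
        ("ip-host", is_ip(host)),
        # Shorteners and every other non-listed host land here: destination unknown.
        ("untrusted-domain", not any(host == d or host.endswith("." + d) for d in TRUSTED)),
        ("text-mismatch", shown.startswith(("http", "www.")) and host_of(shown) != host),
    ]
    return host, [name for name, hit in checks if hit]

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def check_html(body):
    parser = LinkCollector()
    parser.feed(body)
    return [check_link(href, text) for href, text in parser.links]
```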
