Microsoft Account Security Alert
The Microsoft Security Alert Tech Support Scam is a web browser based scam that tries to trick you into calling a remote support number. This alert states that a virus has been detected on your computer and that your passwords, browser history, and credit card information will be compromised unless you call a remote support number for help. As this is a scam, you should not call the listed phone number.
- Snopes Microsoft Account Security Alert
- Microsoft Account Security Alert Text
- Microsoft Account Security Alert
When the Microsoft Security Alert Tech Support Scam is displayed in your browser it will display an alert that contains text similar to the following:
Microsoft Security Alert !
The Microsoft Security Alert Tech Support Scam is a web browser based scam that tries to trick you into calling a remote support number. This alert states that a virus has been detected on your.
Call Windows Help Desk Immediately at +1-844-400-9542
The following data will be compromised if you continue:
1. Passwords
2. Browser History
3. Credit Card Information
This virus is well known for complete identity and credit card theft. Further action through this computer or any computer on the network will reveal private information and involve serious risks.
Call Windows Help Desk Immediately at +1-844-400-9542
Once again, this is just a fake alert and the page does not know if you have a virus, does not know what is running on your computer, and is just trying to trick you into calling the phone number. At this same time, for those who have never seen a message like this, they can be quite alarming as these scams make it difficult to close browser tabs or the browser itself.
Thankfully, almost all browser based tech support scams can be closed by simply opening Windows Task Manager and ending the browser process. It is important, though, that if you end the browser process that you do not reopen previously closed sites if prompted by the browser when you start it again.
On the other hand, if you are constantly seeing these types of tech support scams, or these pages are opening by themselves, then it may be possible that you are infected with an adware or other unwanted program that are displaying them. Once again, do not worry as it is quite easy to remove these infections if you follow the guide below.
Snopes Microsoft Account Security Alert
Why am I Seeing the Microsoft Security Alert Tech Support Scam?
The Microsoft Security Alert Tech Support Scam is shown through advertisements that redirect you to sites that display this scam. These advertisements can be displayed by installed adware programs or through less than reputable sites that are displaying them to generate advertising revenue.
For the most part, if you see a browser based tech support scam, then you can simply close the browser and start it again. On the other hand, if you are continuously seeing scams with alerts like 'Microsoft Security Alert', then you should scan your computer for adware and remove anything that is found.
I have been getting emails from 'account-security-noreply@accountprotection.microsoft.com' (as verified in metadata) about unusual activity. The internet has very conflicting information about if these emails are legitimate or not. Microsoft's own website says this is their legitimate sender address for account activity alerts.
A legitimate email message should originate from the Microsoft account team at account-security-noreply@accountprotection.microsoft.com.
But here, the Georgia College help desk lists this exact email, from that exact sender address, as a phishing attempt.
Many people at GC are receiving one of the more popular phishing scam emails. It appears to be from Microsoft, a “Security Alert” wanting you to revalidate your account. Know that this is not from Microsoft. It’s a very elaborate phish. Do not click on any link in this email. Please delete it. If you did click on the email, please reset you Unify password (and subsequent email password) at password.gcsu.edu.
From: Microsoft account team account-security-noreply@accountprotection.microsoft.com
Sent: Monday, April 3, 2017 3:36 AM
Subject: Microsoft account security alert
Other places online have similarly conflicting info. Some places list these emails as scams, but the example screenshot has a different sender address that is missing the 'microsoft.com' from the domain, which looks more fake.
So which is it? Are those emails from exactly 'account-security-noreply@accountprotection.microsoft.com' fake, or not?
Microsoft Account Security Alert Text
2 Answers
You can not trust that a sender address is correct. They are trivially easy to fake.
The SMTP (email) protocol allows the creator of an email to state any sender address they want. There is no validation that the sender actually controls that address. And even if the receiving mailserver does some form of sender validation, like checking if the IP address of the sender matches the domain they claim to be from, there are also some quirks in the UI of many email readers which can be exploited to display a (fake) email address as the name of the sender.
When you receive some email which claims that you need to do something on some account on some website, and this appears to be plausible (you actually have an account on that site), then take a good look at the URL the link leads to. The domain name says who controls that link. The domain name is the thing which comes before the first slash.
These URLs all lead to Microsoft:
The following URLs are examples which do not lead to Microsoft. They all lead to a domains which might be controlled by someone else:
The last one is an example of a rarely used URL format which includes an username and a password (which are in this case both microsoft.com). The actual URL being requested is after the @ symbol.
If you decided that the link is probably fine, you click on it and get lead to a login form which looks trustworthy at first glance and did apparently not yet install any malware using drive-by download, then you should also check if the site is loaded over HTTPS (any reputable site will use https-only on their login form) and check if the certificate is actually signed for the company the site claims to be.
Some guides for detecting phishing attempts say that you should look for signs like broken images or non-functional links. I consider this bad advise, because it is based on the prejudice that all phishers are shoddy webmasters. The scene got a lot more professional in the past years. You should focus your attention on those things they can not fake with sufficient effort.
PhilippPhilippThe sender on the email should not be used to determine if an email is legitimate, only can be used to determine when the email is not. An email claiming to be from Paypal and coming from a gmail.com address is obviously fake. An email claiming to come from Microsoft sent from a microsoft.com address could or could not be real.
How to tell the difference? The body of the email.
If the email contains links that point to any service not linked to Microsoft, or shortened links, or links with IP addresses, the email is a phishing attempt.
If the email contains writing errors, usually it is false. If the email is about any service you don't have signed for, it's fake too.
Usually, legitimate emails that contains links will have something on the lines of 'copy this link and paste into your browser'. If the email contains this line and the link text points to a Microsoft service and the underlined link points exactly to the same address, usually the email is real.
If the email is telling you about something wrong on your account, log in on your account and check, without clicking in the link on the email. Type the address by hand. If there's something wrong, you will see on the site.
ThoriumBR
Microsoft Account Security Alert
ThoriumBRprotected by Community♦Sep 13 '18 at 13:19
Thank you for your interest in this question. Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).
Would you like to answer one of these unanswered questions instead?