Several people have reported on my Facebook page that they have received a strange email from Microsoft to notify them of an unusual connection on their Outlook, Hotmail, Live or other account. We explain what to do when you receive one, and how to protect yourself if the suspicious connections turn out to be legitimate.
Since the very beginning of the internet, there have been a ton of scammers who send us phishing attempts bearing the image of Microsoft in order to get their hands on our login credentials so that we don’t really know anymore on which foot to dance.
Faced with emails that are nonetheless truthful, many decide to ignore the warnings received to avoid falling into a trap and being tricked.
It’s fine to ignore, but the problem is that in some cases, these famous warnings are useful! What to do and how to disentangle the true from the false? We sort it all out.
A preview of the famous email from Microsoft that several people received at the same time.
How to know if it is real or fake Microsoft email
Several people have reported receiving an email from Microsoft advising that unusual login activity has been seen on their account. You can read there:
Unusual sign-in activities on Microsoft account
Verify your account
We detected unusual activity during a recent sign-in of the Microsoft account ***@***.com. For example, you may be logging in from a new location, a new device, or a new app.
For your security, we have blocked access to your inbox, contact list, and calendar for this login name. Check your recent activity and we’ll help secure your account. To regain access, you will need to confirm that you are the author of the recent activity.
Review recent activity
The Microsoft Accounts Team
In this specific case, if the recipient’s address is [email protected] it’s a real email.
Note that the recipient’s address remains one of the fastest ways to find out if it’s a real or fake email. It works in all cases of doubt, not only here with Microsoft.
Then, because it’s always good to know, note that a communication from Microsoft would come from an address ending in @accountprotection.microsoft.com.
How to verify without clicking in the email
As I say in my One Click to Disaster talk, all phishing cases start with a simple click in the wrong place.
In short, as soon as we receive an email with a button to click on to connect to our account, the best thing is to do everything ourselves, especially if we have the slightest doubt.
For example, in this case, rather than clicking in the email, it’s up to us to go directly to the Microsoft site to check the connection activities.
To do this, we must log in to the Microsoft Account section using our email credentials. When it is done, we must click on Securitythen on Login activity.
Each of the recent activities that are displayed should correspond to a connection from us. If any of these look unfamiliar to us, we need to tighten the security of our account.
How to verify our Microsoft account sign-in activities ourselves.
What to do if you do have suspicious connections
Even if we see a host of connection or synchronization attempts from all over the world, there is no need to panic right away.
In fact Microsoft shows us which connection attempts were successful or not. Just click on them for details. Normally it’s a question of wrong password or sync failure.
On the other hand, if the connection is registered as successful, something must clearly be done.
We either have the option of clicking on the button Secure my account and follow the directions or you can also do it yourself manually.
The first step is first to change our password and choose one that is strong, even indecipherable, and above all unique, so that we don’t use it anywhere else.
Thank you to the password managers who are there to create them for us and store them without us having to rack our brains or remember them.
Then, it is absolutely necessary to activate two-factor authentication because contrary to what many people think, a strong password will never be as effective as if you add two-factor authentication.
Finally, if someone managed to connect to our account, it is most likely also because at some point, we clicked in the wrong place and someone took our authentication information. .
To prevent this from happening again in the future, it is important to have a good protection suite as they warn us when we go to misleading and unsafe websites.
How to quickly find out if our Outlook, Hotmail and Microsoft account has been hacked
How to add two-factor authentication and make your Outlook account more secure