Microsoft Account Unusual Sign-in Activity

Microsoft Account Unusual Sign-in Activity: Does It Phishing Spam?
Crooks opted for a new disguise - Microsoft Account Unusual Sign-In Activity messages

Email notification of a suspicious login attempt to your account is a good security solution to protect customers. It ensures that no one but you can enter your account unnoticed, which is even more important on days when hackers are running phishing campaigns to get the password to your Microsoft account. Unfortunately, this security alert system has become a focus for attackers. Users are now receiving fake messages from Microsoft and alerts for unusual activities, which usually end up in the spam folder. As a result, hackers have begun to use such a trick to gain access to user accounts. Below we will tell you how to identify a spam email about logging into your Microsoft account and protect yourself from negative consequences.

When does Microsoft notify about unusual sign-in activity?

To protect you, Microsoft can send an email about an unusual login for your account. This login attempt does not have to be from an insecure device. You will receive an email whenever the system notices an atypical pattern in your login activity. You may also be required to enter a confirmation code. This usually comes in the form of an SMS on the phone and is needed to verify that you are trying to access your account. Consequently, if they change, you should update the details (such as security questions and phone numbers). The following are some situations in which an alert may arrive for unusual login activity:

  • You are logging in with a device that you have never used before
  • Your location is significantly different from where you usually log in
  • You are giving the application or software access to your account
  • You are logging in from an unknown IP address

Suppose you have not done any of the above but received a security warning. In that case, spammers sent you this email and it may contain a phishing link. Alternatively, that could be the message which shows that someone attempted to log into your account and triggered the system.

Genuine Microsoft Email
This is what the original letter from Microsoft looks like

What should I do if I get mail about Microsoft’s unusual sign-in activity?

So, if this email from Microsoft were genuine, the system will block the login attempt, especially if it is a new device. To continue, you must follow the instructions on the login page to enter a security code, which will be sent to your phone or in another way you specified when you registered. Without the security code, you will not have access to your Microsoft account. This measure is made to prevent the crooks from account hijacking.

How can I spot a Microsoft account scam?

The following tips will help you learn to distinguish phishing emails from genuine emails. The main thing is not to give in to emotions and haste. Why phishing is still the most common cyber attack?

Check the sender

No matter how hard scammers try to copy Microsoft’s email format, they cannot spoof an official email address. To verify the authenticity of the alert, check the sender’s address. For example, the official email address for the Microsoft customer care team is [email protected]. Make sure each letter in the address is correct, as a hacker may use similar addresses with slight differences. If the email is different, know it is a fake email trying to lure you in.

Phishing emails
One of the many phishing senders

Investigate the message format

Hackers sending spoofed emails with phishing warnings mostly count on people’s fear and vulnerability. Consequently, they may miss some trivialities in the format of the messages. For example, a popular Microsoft email with spam about unusual login activities was sent by users who signed like Microsoft Security Essentials or Microsoft Team Office Center. This format is so sloppily written that a cursory analysis will show you that it is a fake. Microsoft’s account team always uses the original email about unusual login activity.

Microsoft Account Unusual Sign-in Activity

Microsoft Security Essentials, written in the fake email, is the name of the built-in security features in older Windows operating systems. Also, Microsoft Teams is a product with nothing to do with the Microsoft Team Office Center. Therefore, it is essential to carefully examine your email to look for red flags indicating that the email is fake.

Note where the link takes you

Most phishing emails have a link or button, usually marked “View recent activity”. If you click on this link, you will be taken to a fake Microsoft login page. Note the address. The original Microsoft login address is If your weblink differs from this one, it’s probably a fake. Alternatively, those links could lead you to the token hijacking page – visiting such a site instantly transfers the session tokens to crooks. Therefore, before clicking it, it is better to check it up through the Incognito mode or the other browser which does not have a Microsoft account authentication.

Check the Link
To understand where a link leads, you need to put the cursor on it and not move it for a couple of seconds

What to do when I get a spam email?

Do not enter your detail

If you realized it was a spam email before you clicked on the link, you only have to delete or ignore it (it will be deleted from the spam folder after 30 days). However, if you understand it only after clicking on the link, do not enter any of your data under any circumstances. This is especially important if you get to the login page, which requires your Microsoft account password. Unfortunately, with the aforementioned case of token hijack, you will barely be able to detect something. That’s why we suggest you to avoid clicking the link and proving that the message is fake in the other way.

Check the Microsoft recent activity page

If you have not performed any unusual login actions but received a warning, log in to your Microsoft account manually from the official site. Then check your recent login activity to ensure that no unauthorized person has tried logging in to your account. Still, if you’ve received a genuine message and someone tried to log in – you will not lose a thing, as the system has blocked the attempt.

Login attempts window
Any login attempts to your account will be displayed here

Contact Microsoft

Contact official Microsoft support if the email is not fake but has appeared even though no unusual activity has been noticed in your account. It’s most likely some system glitch. Also, if you have entered your details on a fake login page, support will tell you what you should do to secure your Microsoft account. Phishing and data theft are common on today’s Internet. Microsoft emails with spam about unusual login activity are a relatively recent method used by hackers to extract their account data from people.

By Stephanie Adlam

I write about how to make your Internet browsing comfortable and safe. The modern digital world is worth being a part of, and I want to show you how to do it properly.

Leave a comment

Your email address will not be published. Required fields are marked *