Yoodley is reader-supported. When you buy through links on our site, we may earn an affiliate commission.
Emails that are sent in the guise of phishing are a type of internet scam that fool people into entering their information on a website that is not legitimate. A great number of customers have reported experiencing this issue and have questioned the authenticity of emails purportedly sent from Microsoft.
“[email protected]” is the address that, according to Microsoft, is used for the transmission of official emails coming from the corporation. However, you should be on the watch for email notifications that have addresses that are nearly identical to the correct one.
Numerous times in the past, cybercriminals have targeted the Microsoft credentials of users as their objective. For example, the SANS Internet Storm Center discovered a phishing attempt in December 2018 that employed emails masquerading as nondelivery invoices issued from Microsoft Office 365.
After a few months had passed, Bleeping Computer came across an operation in which phishing emails made the false claim that the Office 365 team had discovered a significant amount of files being removed from their account.
Early in the month of July, the website that provides assistance with computers received a tip of yet another phishing attempt. This time, the attack emails included a bogus warning that a contact in the user’s address book had sent them a new audio message.
What is Phishing?
Fake emails like “Unusual sign-in activity,” “Your password has changed,” or any other email content that resembles the real email from Microsoft are used to trick you into downloading malware.
It’s all designed to grab your attention, from the subject line to the topic line to the email’s sender and everything in between. Additionally, a false Microsoft website with a fake login form is included in the email.
It’s possible that your Microsoft account could be hacked if you aren’t attentive enough after seeing this type of email and clicking on the link (particularly if you input your login and password).
It’s generally enough to only get your username and password. One Microsoft account may hold all of your Microsoft products and services, including your Windows PC, Office programs, OneDrive, Xbox, and so on.
However, there are several techniques to guard against phishing emails gaining access to your Microsoft account. Let’s get to the heart of the matter first, shall we?
How to Identify a Fraudulent Email Notification?
There are a variety of reasons why companies like Microsoft send email notifications to their customers. Receiving an email is a common occurrence. Cyberattackers, on the other hand, use this method to pretend to be from Microsoft and send you a scam email.
For some customers, the continuous notifications they receive from a variety of businesses outweigh the inconvenience of these scam emails. If you get one of these fraudulent emails, you will be prompted to re-enter your password in order to verify that there has been no other odd activity on your account.
Your login information will be stolen if you follow the link in the email and enter it on a bogus landing page. In order for cyberattackers to gain access to your personal information, they’ve set up fake Microsoft login sites. They can access your account if you enter your login information.
Identifying the source of your email alerts is therefore critical, especially if these messages compel you to click on a link and request sensitive information from you. Prior to providing any personal information or clicking on a link, be aware of the genuine URLs and email addresses of the companies you’re dealing with, and pay attention to these sources and addresses.
Your email’s subject line is a good place to start. Check to see if the email has any links that lead to Microsoft. In order to verify that the link goes to Microsoft, you can manually type in the URL. Check to see if the message is written professionally or if it appears to be a marketing ploy.
Tricks to secure your Microsoft Account from Fraud and Scam.
Set a Strong Password for Outlook
Set a Password that is Long and Complex for Outlook.
First and foremost, ensure sure your account password is strong enough. It’s a terrible idea to use a password that’s easy to guess, short, or something you’ve used before on other websites. It is recommended that a password consists of at least 12 characters, including capital and lowercase letters as well as numerals and symbols, in order to be secure.
Change your password now if you haven’t done so in a while. If you haven’t already done so, go to login.live.com and create an account. You may then access your account settings by clicking on your profile picture in the top-right corner of the page and selecting My Microsoft account.
Click on the Change Password link that appears at the top of your list, to the right of your name, on the resulting page. Go to Security, then Change my password if you don’t see it there.
Once you’ve confirmed that you have the correct password, type in a new one. There’s also an option to have your passwords changed every 72 days if you want to. A password manager (if you don’t already have one) is a great way to keep your password fresh and secure, but if you don’t have one, this isn’t a need.
Use an Alternate Method to Log Into Windows
Outlook email passwords are the same as PC login passwords if you have a Microsoft account. In spite of its convenience, this presents a two-pronged risk.
One disadvantage of a strong password is that it makes it more difficult to type it in. Because of this, it’s possible that you’ll try to abbreviate your email password so that you can sign into your PC more quickly. A keylogger or other technique of stealing your PC password would also give hackers access to your email password.
Using a different technique of locking your PC can help with both of these problems. Windows Hello provides a variety of alternatives for logging in. PIN and picture locks on all PCs as well as fingerprint and face locks on compatible devices are included in this feature set.
Changing your sign-in method is as simple as going to Settings > Accounts > Sign-in options in Windows 10. To enable a certain method, select it from the list and then click Add.
Windows PINs strike a decent compromise between security and usability when used properly. Because a PIN is unique to your device, anyone who steals it can’t access your Outlook email. “
Enable Two-Factor Authentication
The concept of two-factor authentication has probably been introduced to you by now (2FA). Two-factor authentication (also known as 2FA) adds an additional layer of security to your online accounts. Your Microsoft account will no longer be accessible with just your password if this option is turned on. This safeguards your account in the event that your password is compromised.
In order to get started with two-factor authentication on your Microsoft account, go to your Microsoft account page and click on “Security.” Get started in the Advanced security settings box that appears on the Security fundamentals screen.
Two-step verification can be found in the Additional security area, which can be found by scrolling to the bottom of the page. In order to begin the procedure, click Turn on under this heading. You will be guided through the process of receiving codes via text message, authenticator app, or another method.
Review Account Activity Regularly
Outlook’s history can be viewed at any time, much like most other internet accounts. Only your personal activity can be confirmed in this way.
Go back to your Microsoft account’s Security section at the top of the page to be sure. Under Sign-in activity, click on View my activity. Check your recent sign-ins to see if there are any suspicious patterns.
Each entry can be expanded to reveal the platform and browser used, as well as whether or not the sign-in was successful. It’s your responsibility to let Microsoft know if something isn’t right by clicking the field and requesting that they take action.
Don’t Share Your Account With Anyone
This may seem apparent, but I think it’s worth mentioning for the sake of completeness. Allowing others to access your email accounts is a simple method to leave yourself vulnerable to identity theft. The more people who use your email account, the more vulnerable it is to phishing schemes, account security settings being disabled, or other mistakes being made.
When it comes to email, you should keep it private. A new password is a good idea if you’ve ever given out your email password to a friend or allowed someone to log into an account of yours online. Set up a separate account that is solely used for certain purposes if you require a shared inbox.
Password Protect Your PST File
However, if you use Outlook’s desktop edition on your PC instead of Outlook.com, there’s a particular suggestion for you. Your email is stored in a PST file in the desktop edition of Outlook. If you’d like, you may make these files even more secure by giving them a password.
A PST password does not provide enough protection against malicious attacks; rather, it is meant to prevent unintended intrusions by other individuals who share your computer. As a result, the best defense for your PC’s local email is a strong password. Additionally, Microsoft Exchange accounts are not supported by this method (like those used with corporate email).
Select File > Account Settings > Account Settings in Outlook on the desktop to encrypt a PST. To safeguard a PST file, select the Data Files tab and then click Protect This PST (there may only be one). Simply click “Settings” above, then “Change Password.” Click OK to save your new password, which can only have a maximum of 15 characters.
Check Trusted Devices Registered to Your Account
Your Microsoft account can be accessed from a variety of different devices. If you’re not sure where you’re currently logged in, it’s a good idea to have a look. With this, you may make certain that your account isn’t linked to any outdated mobile devices or desktop computers.
On your main Microsoft account page, click All devices beneath the Devices box to see all of the devices that are linked to your account. Take a look to make sure that all of your devices, including computers, mobile phones, and Xboxes, are yours. Delete the device if you don’t know what it is or don’t use it anymore.
It’s also a good idea to delete all of your app passwords if you have 2FA activated on your account. Select “Advanced security options” from the Security section of your account page and click “Get started.”
Delete any previously saved app passwords by selecting Remove from the drop-down menu under App passwords. Older devices that don’t support 2FA, such as the Xbox 360 or older email programs, will be signed out of this process.
Last but not least, if you want to end any future access to your account, click Sign me out beneath the same name heading. Unless you have an Xbox console, you will be logged out of your Microsoft account when you do this.
It may seem like a lot of work, but limiting the attack surface on your account is a good idea. In other words, the more places you sign in to, the more vulnerable your account becomes.
Keep Your Account Recovery Information Current
Using a recovery email address or phone number is the fastest way to regain access to your Outlook account in the event of a system failure. In order to get back into your account, you’ll need to add these to your account before you’re locked out. By logging into your Microsoft account once more, you may either create a new recovery address or double-check the ones you already have.
Get started under Advanced security settings under the Security tab to add an additional email address for security purposes.. A list of your current security options will appear; click on one to learn more about it. Delete any that you no longer need.
Add a new form of authentication or verification at the bottom of the list. Microsoft recommends that you have at least two alternate methods of communication in case they need to reach you. Makes getting back in considerably easier in the event you lose your password or your account is breached.
Having a secondary email account with a free email provider is a good idea if you don’t already have one.