Beware of "Microsoft Account Unusual Sign-in Activity" Phishing Scam

Updated: November 4, 2017 2017-11-04T07:34:16 -
Posted: September 8, 2016 2016-09-08T09:07:21
Views: 64,974
Comments: 28

The email message below: "Microsoft account unusual sign-in activity," is a fake. The email message was NOT sent by Microsoft and is a phishing scam created by cybercriminals to steal Microsoft, MSN, Hotmail, Live or Outlook usernames and passwords. Therefore, recipients of the fake email message are asked not click on the links or follow the instructions in it. Microsoft email users who have received similar emails and who want to know if there is something actually wrong with their accounts, may go directly to www.outlook.com, www.hotmail.com or www.live.com and sign into their accounts. If there is something wrong, or if there is something that needs to be done on their accounts, they will be notified after signing in.

It is recommended that Microsoft Hotmail, Live or Outlook users never click on a link to sign into their accounts. They should go directly to www.outlook.com, www.hotmail.com or www.live.com sign-in from there instead.

The "Microsoft Account Unusual Sign-in Activity" Phishing Scam

From: Outlook Administrator messagecennterdebt@outlook.com
Date: September 8, 2016 at 8:46:48 AM EDT
Subject: Microsoft account unusual sign-in activity

Unusual Activity Detected

We detected something unusual about a recent activity to the Microsoft account. To help keep you safe, we required an extra security challenge. You will need to verify your Microsoft email account below to confirm that the recent activity was yours and to regain access and enjoy our unlimited service.

Verify Now

What happened?

Using a shared computer to access your account.

Logging in your microsoft account from blacklisted IP.

Not logging off your account after usage.

Thanks for using your Microsoft account to bring the people who matter most together in one place. You can change your connection settings anytime and find more ways to connect at businnesmn.com/content/themes/ fourteen/genericons/font/dirrect.php.

See you online,
The Microsoft team

The links in the phishing email message go to the following fake and phishing website:

businnesmn.com

If you were tricked into entering your username and password on the fake MSN / Hotmail / Live / Outlook webpage, please change your password immediately.

Click here to change your password.

For a list of other MSN, Hotmail, Live or Outlook phishing or fake email messages, click here.

Note: Some of the names, addresses, email addresses and telephone numbers in email samples on this website may have been impersonated.

Please share what you know or ask a question about this article by leaving a comment below. Also, check the comment section below for additional information, if there is any.

Remember to forward suspicious, malicious, or phishing email messages to us at the following email address: info@onlinethreatalerts.com

Also, report missing persons, scams, untrustworthy, or fraudulent websites to us. Tell us why you consider the websites untrustworthy or fraudulent.

If you want to quickly find answers to your questions, use our search engine.

You can help maintain Online Threat Alerts by paying a service fee. Click here to make payment.

Comments, Questions, Answers, or Reviews

(Total: 28)

To help protect your privacy, please do not post or remove, your full name, telephone number, email address, username, password, account number, credit card information, home address or other sensitive information in or from your comments, questions, or reviews. Also, anonymous posts cannot be deleted or edited, and when you make a post, we will use your IP address to display your approximate location to other users.

The comments or reviews below do not necessarily reflect the views of Online Threat Alerts.

October 7, 2018 at 10:58 AM by info
Here is another scam:

"Security Information
Outlook service <cindysaint-germain@hotmail.com>
Today, 7:58 AM
Dear subscriber,

We have detected an unusual recent connection to your Microsoft account. For security reasons your mail will be temporarily blocked in order to continue using our services, please follow the procedure Click here

Thank you for using our services

Copyright 2018"
remove
August 21, 2018 at 4:48 PM by info
Here is another scam:

"From: Outlook.com -Hotmail- Office Support <jgibb369@longviewbuildersclinics.com>
Date: 21 August 2018 at 14:22:31 BST
Subject: Temporary error: Email Delivery failed!

e-Mail:
Unusual sign-in activity

Hello,

We detected something unusual about a recent sign-in to the Microsoft account.

Review recent activity

The information in this electronic e.Mail message is private and confidential, and only intended for the addressee.

Thanks,

Nick Lane
MicrosoftOutlook account team"
remove
June 15, 2018 at 3:58 PM by an anonymous user from Fullerton, California, United States
This must be a scam:

"Microsoft account team <account-security-noreply@accountprotection.microsoft.com> Unsubscribe
12:02 PM (1 hour ago)
to me
Microsoft account
Unusual sign-in activity
We detected something unusual about a recent sign-in to the Microsoft account *****@gmail.com.

Sign-in details
Country/region: Vietnam
IP address: 115.79.32.243
Date: 6/15/2018 12:02 PM (PST)
Platform: Windows
Browser: Firefox

Please go to your recent activity page to let us know whether or not this was you. If this wasn't you, we'll help you secure your account. If this was you, we'll trust similar activity in the future.

Review recent activity
To opt out or change where you receive security notifications, click here.
Thanks,

The Microsoft account team
remove
- June 20, 2018 at 7:44 PM by an anonymous user from Halifax, Nova Scotia, Canada
  I got a similar email (claiming that my account was signed into from Vietnam as well, but a different IP address) - only, my account is with Gmail!
  
  They must have gotten something mixed up there...Usually such emails come from Google. I did click the link (silly me!) but didn't enter passwords or anything. Hopefully my computer will be okay...
  remove
  - June 20, 2018 at 10:10 PM by info
    Yes, you are OK.
    remove
May 30, 2018 at 8:31 PM by info
Here is another scam:

"From: Microsoft Office365 [account-security-noreply@accountprotection.com]
Sent: Wednesday, 30 May 2018 1:10 AM
Subject: Microsoft account unusual sign-in activity

Microsoft account

Unusual sign-in activity

We detected something unusual about a recent sign-in to your Microsoft Office 365 account with email address .

Sign-in details:

Country/region: Russia

IP address: 213.183.58.12

Date: 9/01/2018 11:32 AM (PST)

If this was you, then you can safely ignore this email.

If you're not sure this was you, a malicious user might have your password.

To help keep you safe, we required you to review your Office 365 E-mail account by sign-in into your Office 365 E-mail account, you will be introduced to new term of Microsoft service agreement that will strengthen the security of your Microsoft E-mail account.

Review recent activity

We'll help you take corrective action after you review has your Office 365 E-mail account.

This message was sent to . To opt out or change where you receive security notifications, click here.

Thanks,

The Microsoft account team"
remove
April 10, 2018 at 11:42 PM by info
Here is another scam:

-------- Original message --------
From: Microsoft account team
Date: 4/6/2018 5:04 PM (GMT-06:00)
Subject: Your account will be deactivated

Microsoft account

Unusual sign-in activity

This is to inform you that your request on: 04/04/2018 09:18:02.PM. to remove your account meweaz@*****.***

from outlook.com server has been approved and will initiate in one hour from the exact time you open this message. Regards. ignore this message to continue with email removal or If this deactivation was not requested by you Please reply us. If You Receive
This Message In Your Junk or Spam Its Due to Your Internet Provider
remove
April 10, 2018 at 3:00 PM by info
Here is another scam:

"From: Microsoft account team <account-security-noreply@accountprotection.microsoft.com>
Sent: Monday, April 9, 2018 11:45 PM
Subject: Microsoft account unusual sign-in activity

Microsoft account

Verify your account

We detected something unusual about a recent sign-in for the Microsoft account jn*****@msn.com. For example, you might be signing in from a new location, device, or app.

To help keep you safe, we've blocked access to your inbox, contacts list, and calendar for that sign-in. Please review your recent activity and we'll help you secure your account. To regain access, you'll need to confirm that the recent activity was yours.

Review recent activity
Thanks,
The Microsoft account team"
remove
February 19, 2018 at 11:18 AM by an anonymous user from Miami, Florida, United States
I got the same number being used in a hoax, but with a typo related to being a non-English speaker... what idiots!
remove
December 15, 2017 at 11:07 AM by an anonymous user from Mount Laurel, New Jersey, United States
account-security-noreply@ accountprotection.microsoft.com SAID I NEEDED TO SIGN IN TO MY ACCOUNT?
remove
November 30, 2017 at 2:42 AM by an anonymous user from Winchester, England, United Kingdom
My latest one was a lot more convincing. The hyperlink was to https://account.microsoft.com/activity that looks a lot more plausible.
remove
October 9, 2017 at 10:45 AM by info
Here is another scam:

"From: ACCOUNT TEAM OFFICE <327453278@345nbd.com>
Sent: Monday, October 9, 2017 7:53:29 AM
To: team-member-noreply@outlook.com
Subject: ID: 133 - Email Security Alert! (Oct. 2017) MT

Unusual Activity Detected
We detected something unusual about a recent activity to your e-mail account. To help keep you safe, we required an extra security challenge. You will need to verify your email account below to confirm that the recent activity was yours and to regain access and enjoy our unlimited service. Failure to verify will lead to permanent suspension of your account

What happened? Verify Now
Using a shared computer to access your account.
Logging in your account from blacklisted IP.
Not logging off your account after usage.
Thanks for using your account to bring the people who matter most together in one place. You can change your connection settings anytime and find more ways to connect.

See you online,
The account team"
remove
July 23, 2017 at 10:49 AM by info
Here is another scam:

"From: Microsoft.com account Team
Sent: Sunday, 23 July, 08:49
Subject: Customer ID: 1202: Microsoft account security warning
To: account-security-noreply@account.microsoft.com

Verify your account
Dear user,

We detected something unusual about a recent sign-in for your account. Might be due to the following reasons.

1. A recent change in your personal information. (eg: address, phone)
2. Illegal attempt to use your account from a different location.
3. Virus attachment without specific recipient.

To help keep you safe, we've blocked access to your inbox, contacts list, and calendar for that, please verify your account to regain access. Kindly sign-in from your regular device.

Verify account now

Please follow the security verification to keep your account safe.

Thanks,
Customer account team"
remove
June 17, 2017 at 8:41 AM by an anonymous user from Glasgow, Scotland, United Kingdom
"account-security-noreply@accountprotection.microsoft.com." Is this a genuine email from Microsoft?
remove
- September 17, 2017 at 3:00 PM by an anonymous user from Dudley, England, United Kingdom
  I had that same email address come though a few days ago, but the fact I could still access my email account meant it had to be bogus. Best thing is to try and log in from the outlook site, if you think the email is fake.
  remove
- June 17, 2017 at 10:22 AM by info
  No. The address was created by cyber criminals to trick recipients of their scams into believing their fake or phishing email messages are real.
  remove
April 25, 2017 at 9:50 AM by info
Here is another scam:

"From: account-security-noreply@account.microsoft.com <pdedwards@optusnet.com.au>
Sent: 25 April 2017 07:33
Subject: Unusual sign-in activity!

Microsoft account Receiver: helenwilson35@hotmail.com Security info replacement

Someone started a process to replace all of the security info for the Microsoft account helenwilson35@hotmail.com
If this was you, you can safely ignore this email.
Your security info will be replaced with 447810683552 when the 30-day waiting period is up.
If this wasn't you, someone else might be trying to take over helenwilson35@hotmail.com

Click here and we'll help you protect this account."
remove
March 23, 2017 at 12:30 AM by an anonymous user from Bathurst, New South Wales, Australia
I have this phishing scam email pop up every time I open Live Mail. It must reside on my pc. There are lots of warnings about this scam but no information how to get rid of it. I have tried several anti-virus programs to no avail.
How do I get rid of or block this scam email?
Regards
Mal
remove
- March 23, 2017 at 5:54 AM by info
  What does the phishing message says?
  
  <a href="/article/2013/1/13/adwcleaner-delete-adware-toolbars-potentially-unwanted-programs-browser-hijackers/">Click here</a> to try a program called AdwCleaner that I think can remove the Malware on your PC.
  
  And, if the program above does not work, try and uninstall and then reinstall Live Mail.
  remove
March 5, 2017 at 10:25 PM by an anonymous user from Boston, Massachusetts, United States
Malicious popup to sign in to Hotmail to receive messages immediately after Firefox downloads. This happened after password was changed. Told twice to enter new password.
remove
February 8, 2017 at 10:26 PM by info
Here is another scam:

"From: Message311.ByHotmail.311605@gw.novell.com
Sent: February 8, 2017 9:48 AM
Subject: E-mail Account Alert! [ID-KEF311]

Unusual email account activity!

Error-ID: [311-KE-311]

We`re having a problem verifying your email account information.

You might not be able to see all your email messages due to several security concerns. We will start working on fixing the problem as soon as you verify your account details.

To ensure that your email service is not interrupted, we request you to confirm and update your information today by following the link below:

(c) The Microsoft account team 2017"
remove
December 8, 2016 at 11:53 AM by info
Here is another scam:

"From: Windows E-mail Service [mailto:bryanmark@terminal21sall.com]
Sent: Thursday, December 08, 2016 4:07 AM
To: noreplyoffice@msnteam.com
Subject: Action Required: Mail on Stopped (Final Warning)

Microsoft

Unusual Activity Detected
We detected something unusual about a recent activity to your microsoft e-mail account. To help keep you safe, we required an extra security challenge. You will need to verify your microsoft email account below to confirm that the recent activity was yours and to regain access and enjoy our unlimited service. Failure to verify will lead to permanent suspension of your account

Verify Now

What happened?
Using a shared computer to access your account.
Logging in your microsoft account from blacklisted IP.
Not logging off your account after usage.
Thanks for using your Microsoft account to bring the people who matter most together in one place. You can change your connection settings anytime and find more ways to connect at https://profile.live.com/services.

See you online,
The Microsoft team"
remove
- December 11, 2016 at 7:21 PM by an anonymous user from Lezhë, Qarku i Lezhes, Albania
  Thank you. I received a message like that.
  remove
November 17, 2016 at 8:30 AM by info
Here is another scam:

"From: Outlook Team
Sent: 16 November 2016 08:41
Subject: Microsoft account unusual sign-in activity

Your Account Will be Blocked

Dear User,

We are contacting you to inform you that our Microsoft Account Review Team identified
some unusual errors in your Microsoft account profile. This may be due to the following
Using a shared computer to access your Microsoft Outlook account.
Logging in your Microsoft Outlook account from blacklisted IP
Not logging off your Microsoft Outlook account after usage.
In order to safeguard your account, we require that you confirm your Outlook Account
Access the following link to complete the verification of your Outlook Account.
Unblock Verify Now

Thanks,
Microsoft ID Customer Support
Copyright 2016 Inc.
All rights reserved. Terms of Service,
Microsoft Account Team."
remove
November 4, 2016 at 6:58 AM by an anonymous user from Carrollton, Texas, United States
I got it and stupidly fell for it. The PRIMARY reason for this potential tragedy is that Microsoft has conditioned me to respond to such requests. From time to time, Microsoft decides to force password changes even though I will swear to God himself that my own account is blameless and not in need of action.

It burns a *lot* of time and causes errors and sometimes extended expensive temporary loss of access when they do that. It happens so often, for NO REASONABLE CAUSE, that finally this time I shot myself in the foot when an imposter came calling.

This dumbing down, sheep treatment by Microsoft has [somewhat] worn me into a dumb sheep. Their mantra of Deproductivity has claimed, for a moment anyway, one more victim.

Microsoft designers in many, many, many technical regards the most technologically inept designers in history, and with the power that they yield, their ineptness inflicts untold damage on the world as they damage productivity.

Before Microsoft, the U.S. ascended to superiority in all aspects of science and technology. Since Microsoft, that superiority has partially crumbled. Microsoft is a huge factor in that. Don't be fooled by clueless fanboy journalism. They are to a huge degree self-deluded imbeciles.

I wish the Justice Department would quit jerking off and go ahead and bust their monopoly!
remove
September 24, 2016 at 10:17 PM by info
Here is another scam:

"From: Outlook©
Sent: ‎Saturday‎, ‎September‎ ‎24‎, ‎2016 ‎6‎:‎25‎ ‎AM

Unusual Activity Detected

We detected something unusual about a recent activity to your microsoft e-mail account. To help keep you safe, we required an extra security challenge. You will need to verify your microsoft email account below to confirm that the recent activity was yours and to regain access and enjoy our unlimited service. Failure to verify will lead to permanent suspension of your account

Verify Now
What happened?
Using a shared computer to access your account.

Logging in your microsoft account from blacklisted IP.

Not logging off your account after usage.
Thanks for using your Microsoft account to bring the people who matter most together in one place. You can change your connection settings anytime and find more ways to connect at https://profile.live.com/services.

See you online,
The Microsoft team"
remove
September 20, 2016 at 9:32 AM by info
Here is another phishing message:

"From: AbdulMougheeth Halfawi
Sent: Monday, September 19, 2016 9:19 PM
Subject: Microsoft account unusual sign-in activity

Welcome to new Outlook.com

Due to the ongoing update in our system/server you are required to re-verify your account within 24 hours to enable us register your
country/device in our database. Failure to re-verify your account will lead to account de-activation and you will no longer have access
to many of the features for improved Conversations, contacts and attachments.

Take a minute to re-verify your account for a faster, safer and full-featured Microsoft Outlook experience.
Your security tight is our concern!
Click here to re-verify your account

Thank you for using Microsoft products and services."
remove
- September 21, 2017 at 1:26 AM by an anonymous user from Whitestone, England, United Kingdom
  I have had a similar email this morning about an old Microsoft account and email that I no longer use, plus I revived the same message via SMS. I didn't click any links as it looked phishy...
  remove

Show More Comments (28)

Show all