Once cybercriminals have gotten their potential victims’ account credentials (usernames and passwords), they will use it to hijack their Microsoft accounts and use them fraudulently. Therefore, recipients of the phishing email message (see below) who were tricked into clicking on the link within it and have attempted to sign into the phishing or fake website that they were taken, are asked to change their Microsoft account passwords immediately, before they are hijacked and used fraudulently by cybercriminals.
The "Request 455 - on Pending" Microsoft Outlook Live Phishing Scam
From: OutlookLiveMessage455.Eemail@example.com OutlookLiveMessage455.Efirstname.lastname@example.org
Sent: February 9, 2017 12:38 PM
Subject: Request 455 - on pending.
You are no longer allowed to access your e-mail account. We had to disable your online access for your security.
This can be because of a recent change in your address or submitting incorrect information during the initial registration process.
Please verify your Hotmail account within the next 48 hours in order to avoid full online suspension.
After an effective account verification you will be able to use your login as usual
Follow our secure verification page to proceed to an effective online authentification.
We respect your privacy and will not provide your personal information to other parties without your consent.
Customer E-mail Service
Microsoft Department 2017
Please do not reply this e-mail as it not monitored.
Microsoft users should never click on a link to sign into their accounts, they should instead, go directly to https://account.microsoft.com/ and sign-in from there. If there is something that needs to be done to their accounts, they will be notified. This is will prevent Microsoft users from visiting phishing websites disguised as legitimate Microsoft website that steal account credentials.
Also, to help protect against phishing scams, Microsoft account users can enable Two-step verification. This will prevent access to their Microsoft accounts, even if their account usernames and passwords have been stolen by cybercriminals.