Getting suspicious emails isn’t something you should ignore, especially if they look like from official emails, and this case is emails that look like from Microsoft, which is account-security-noreply@accountprotection.microsoft.com. Is it legit and valid?
Although that email might look like something from Microsoft, you might get concerned you would be getting phishing emails that are trying to deceive you into thinking they’re Microsoft and to get your email and password information.
Contents
So, what is phishing?
Phishing emails work by sending you a fake email saying something like “Unusual sign-in activity”, “Your password has changed”, or any other email content that does impression of the real email from Microsoft.
The font, font size, subject, email sender, and the rest of the email content are designed to get your attention. The email also sends a link that redirects to a fake Microsoft website showing you a fake login form.
If you aren’t careful enough, seeing this kind of email, then opening the link (especially entering your username and password) to sign in to Microsoft account, your Microsoft account might get stolen.
Username and password are usually enough to steal the account from you. One Microsoft account can contain all Microsoft products and services that you have access to, like your Windows PC, Office apps, OneDrive, Xbox, you name it.
The good thing is that there are multiple ways you can prevent your Microsoft account from being stolen by these phishing emails. But, let’s answer the main question first.
Is account-security-noreply@accountprotection.microsoft.com legit and valid from Microsoft?
So, the answer is yes. Of course, it’s not us that tells you it’s real, although the domain name is definitely from Microsoft. There’s the official forum reply saying that the email account is in fact real and from Microsoft.
When you have changed your password, signed in to a new device, and any important/unusual stuff happens with your Microsoft account, Microsoft is going to alert you by sending the information from this email address.
Prevent phishing emails
The good thing is that you can make sure whether they’re Microsoft or not by just seeing the email domain. If it is from Microsoft, it ends with microsoft.com. That domain has to be really at the end of the email address.
If you see another character or words following the domain (for example: account-security-noreply@accountprotection.microsoft.com.nakjwnd.com), or the domain changes (for example: …microsoftloginpage.com), yes, those are phishing emails and you should not open the email.
If you receive those kinds of emails, you should mark them as spam so you don’t receive them anymore. Also, changes your password and add more security to your Microsoft account by directly visiting Microsoft official website from your browser.
If you also by any chance receive those emails (particularly the “Unusual sign-in activity” one) but you see no activity on Microsoft website, sign-out of all devices and change your password ASAP (and perhaps do the below steps to make your account more secure).
Make your Microsoft account more secure
You can ensure your Microsoft account is safe by adding more steps to sign in (like using the two-factor authentication), adding phone number recovery, changing your password, or signing out of all devices at once.
It doesn’t matter whether you get those real alert emails or even fake ones, making sure your Microsoft account always safe is important.
Dony Prasetiyo has been writing on monkeymanifesto.com for about two years, intended to help solve computer and smartphone problems with easy-to-understand blog posts. He has written over 480 blog posts about Windows, Office, Android, and more.