Accounts & tech
Is this Microsoft email real or a scam?
What a real Microsoft email looks like
Microsoft sends sign-in and security notices from @microsoft.com and its known sub-domains. A genuine alert lets you review activity by opening microsoft.com or the app yourself; it does not force you to log in through an email link.
Red flags of a fake Microsoft email
- !An "unusual sign-in" or "account locked" message demanding you log in via a link
- !A sender domain unrelated to Microsoft
- !Requests for your password, 2FA codes or payment
- !Urgency or scare wording
- !A link to a look-alike login page
Check it in 10 seconds
- 1Look at the sender's full email address, not just the display name. Real Microsoft mail comes from @microsoft.com.
- 2Don't click links or buttons. Scammers use look-alike domains that differ by only a word or a letter.
- 3If you need to act, open microsoft.com yourself or use the official app, never a link from the email.
- 4Still unsure? Forward the whole email to check@islegit.email and we'll check it for free in under a minute.
Still not sure about an email? Forward it to check@islegit.email and get a clear verdict in under a minute.
Check an emailFrequently asked
What does a real Microsoft email address look like?
It comes from an @microsoft.com address. Scammers fake the display name, so always check the actual address, and watch for look-alike domains (extra words, a different ending, or a misspelling).
I clicked the link or paid. What should I do?
Contact your bank immediately to block or reverse the payment, change any password you entered, and turn on two-factor authentication. Then report it.
How do I report a fake Microsoft email?
Forward it to Microsoft's official abuse or phishing address and report it to your email provider. You can also forward it to us to confirm whether it's a scam.