Windows 10: Got an email from Microsoft today (somewhat urgent)

Hi guys! I got an email from "microsoft" today - emphasis on "microsoft" because I'm still deliberating if it is legit or not. First email a couple of hours ago is that someone tried to access my account and the second on is that someone successfully accessed my acount.

I know my password is secure and I haven't logged in to my account using any other computer but maybe - just maybe someone did. I tried clicking the link and it send to a somewhat legit microsoft page. Can anyone shed light into this? I attached snips of the email










:)

 

I just got an email from a "Microsoft subsidiary" that my driver updates will stop tomorrow. I have to pay to get them to continue. Is this truly Microsoft doing thi?

Drivers once installed don't just stop working. Only get drivers when you think you need them and then only get them from a device's manufacturer like nVidia or the manufacturer of your computer. The major manufacturers like Dell and HP provide a "Support
Assistant" that is installed on the computer when you buy it. They alert you when a new driver is available for your device. You can go for years sometimes without needing any new drivers.

If your computer is working fine, you don't need drivers.

 

I just got an email from a "Microsoft subsidiary" that my driver updates will stop tomorrow. I have to pay to get them to continue. Is this truly Microsoft doing thi?

Run Windows Defender and if you haven't loaded it, get MalwareBytes free version and run it.

If you do not know who the email is from always look at the senders email address. If it has a funny set of letters at the end it may be a scan from overseas.

Do not open them but move them to Junk and clean out Junk.

Even if they say there are from someplace that you know check the email address.

I get a bunch of emails that are phishing saying that my Verison email account is full and I look at the email address and it is not Verison so all I do is forward it to Verisons phishing site as an attachment.

 

It's a scam. MS never email anybody for such thing.

 

Check your recent activity to verify.

Sign in to your Microsoft account

 

Thanks for the tip guys. I changed my password just to be sure using the link you gave Tairiku. The funny thing is, the confirmation email sender when I changed my password is the same email that sent me the warning in the first place. I checked the recent activities and my account was not logged in from another place. Maybe it was just a false alarm.

 

I am sorry but I think you are wrong.

These emails can be and sometimes are scams, but in these cases the sender is not an email from a valid Microsoft sender and link does not take to valid Microsoft https site. I have received exactly the same message on various Live, MSN and outlook.com addresses a few times and they have always been valid.

Noticeable is that as OP's last screenshot shows, link in email took to authentic secured Microsoft site.

Microsoft really sends this message when there has been unusual or suspected activity. Last time I got this message when I wanted to share something personal from OneDrive (not shared publicly) with someone in another country who has nor has never had any Microsoft accounts or emails. For some reason he could not download the shared file although I had set sharing not to require a Microsoft account.

As I trust my life in hands of this person, I decided to let him sign in to OneDrive with my credentials and download the file. I first changed password of my outlook.com email to a temporary password and disabled two step authentication as he was waiting on phone, he then signed in to my OneDrive and downloaded the file, me all the time waiting on the phone, and when he was done and signed out I immediately changed my password again and re-enabled two step authentication.

Exactly the same email than in OP's first screenshot arrived not a full day later.

In OP's case I assume that even when checking the message header it reveals it really came from actual Microsoft domain.

 

@Kari
OK. Thanks for the correction.

 

Always look at the full header if you have any doubts about authenticity. 'From' addresses can be spoofed, look at the originating domain to see if it truly came from who it said it did.

 

True. The problem today is that many scammers use the original message body from real, original messages. It can sometimes be really difficult to say if message is real or fake without checking all available information.

Full header also reveals the real URL in links in email. If link says it's for account management for your Microsoft email account and link really is https://account.microsoft.com (or https://account.live.com), it's a real thing.

An example of a recent email from Microsoft regarding app passwords of one of my Microsoft email accounts. The button to click shows not where the click takes me, but message header as it shows all information reveals that it in fact is a valid, real Microsoft secure site:

 

A normal user would have a hard time guessing if the email is legit or not. Sometimes the email looks very legit.

 

That's what I said in my previous post. Scammers copying and using the original message body, layout, everything, it makes it hard to see if real or fake.

A bit long reply now but as I think this might benefit a user or two, I'll post it:

Using email from my inbox, exactly like the one in your original post as an example, before clicking any links simply bring the pointer on top of the link, not clicking it. Browsers using a status bar at bottom will now show the real URL, the address where you will be taken in statusbar bottom left:




Microsoft Edge does not have statusbar but the link URL should also be seen bottom left. Link text could be anything but the URL shown when you mouse over it is always the one where you would be taken if you click the link.

If for some reason the URL is not shown you can right click the link and copy it:




Now paste it in Notepad (some advice I've seen says paste it in browser addressbar but I do not recommend it because an accidental key press might open the link):




Now you can see if the link URL is real or fake. In the address you'll see protocol (red in screenshot above, usually either http or https, latter being secure), subdomain (blue), domain (green) and top level domain (TLD, yellow).

Subdomain can be whatever, every domain owner can set up any preferred subdomains. Most common subdomain is www. Subdomain www is usually not needed to enter a domain's website, you can browse to TenForums with either www.tenforums.com with subdomain.

It's enough to be sure link is real if domain and top level domain are real, in this case microsoft.com. Regardless which if any subdomain is shown, that can't be faked: no one else than Microsoft web admins can add subdomains to Microsoft domain.