Have you received a two-step verification setup email lately? It's not from Microsoft

Check the domain name to identify scams


In recent months, we have witnessed an increase in Microsoft two-step verification email scams. The scam has been going on for years, ever since Microsoft released two-step verification.

Many reports detailing such instances have appeared on Microsoft forums and Reddit. A user recently wrote in the Microsoft Community:

I received an email Action required for two-step verification directed to another email cc’ing my email address asking “Now that you’ve turned on two-step verification (not my email address) make all your apps and devices work with it. If you use any of the following, we’ll help you set them up:” email I don’t recognize. Is this a scam?

We could find reports from as far back as 2020 highlighting similar instances. Back then, many fell prey to such scams due to a lack of awareness. Here is a user’s experience after clicking on a link in the Microsoft two-step verification scam email.

Today, I unfortunately didn’t look over an email similar to this properly and clicked the link. It opened in Microsoft Edge and immediately the page tab said “you’ve been phished”. I promptly closed the tab, changed my Outlook password. About 10 mins afterwards I disconnected from the internet for perhaps 20 mins and decided to run a virus check. Is there anything else I can do to minimise the chances that my computer is compromised?

If you ever come across an email that looks like a phishing attempt, never click on any links or call the provided numbers. If you do, scan the PC for malware and change all your passwords.

How can I spot a fake Microsoft two-step verification setup email?

  • Verify the sender: Look at the sender’s email address and check whether it ends with microsoft.com. If not, it’s a scam email.
  • Check the tone: Phishing emails usually have an informal tone. Match it with any other official emails from Microsoft and look for differences.
  • Look for grammatical errors: Grammatical errors are common in phishing emails, at least they were until a few years ago. So, if you find any grammatical errors, disregard the scam email.
  • Identify if anyone is CC’d: In the cases we observed, the emails were CC’d to other generic email addresses, which is a sign of a scam.
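
The sender and CC checks from the list above can be automated. The script below is an added example, not something from Microsoft or the reports quoted here; the sample headers, the addresses in them and the function names are all constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

TRUSTED_DOMAIN = "microsoft.com"  # the domain the article says to look for

# Constructed sample headers (not a real message); all addresses are made up.
SAMPLE = (
    'From: "Microsoft account team" <security@account-verify.example>\n'
    "To: someone.else@mail.example\n"
    "Cc: reader@mail.example, info@mail.example\n"
    "Subject: Action required for two-step verification\n"
    "\n"
    "(body omitted)\n"
)


def domain_is_trusted(address, trusted=TRUSTED_DOMAIN):
    """True only for the trusted domain itself or a real subdomain of it."""
    if "@" not in address:
        return False
    domain = address.rpartition("@")[2].lower().rstrip(".")
    # A bare endswith("microsoft.com") would also accept "notmicrosoft.com",
    # so require an exact match or a "." boundary before the trusted domain.
    return domain == trusted or domain.endswith("." + trusted)


def check_message(raw, recipient):
    """Return the checklist's warning signs found in the message headers."""
    msg = message_from_string(raw)
    findings = []
    # parseaddr drops the display name, which the sender can set to anything.
    _, sender = parseaddr(msg.get("From", ""))
    if not domain_is_trusted(sender):
        findings.append(f"sender is not at {TRUSTED_DOMAIN}: {sender or 'missing'}")
    to_addrs = {a.lower() for _, a in getaddresses(msg.get_all("To", []))}
    cc_addrs = {a.lower() for _, a in getaddresses(msg.get_all("Cc", []))}
    me = recipient.lower()
    # Pattern from the reports: addressed to a stranger, the reader only CC'd.
    if me in cc_addrs and me not in to_addrs:
        findings.append("you are only CC'd; the To address is someone else")
    if cc_addrs - {me}:
        findings.append("other addresses are CC'd: " + ", ".join(sorted(cc_addrs - {me})))
    return findings


if __name__ == "__main__":
    for finding in check_message(SAMPLE, "reader@mail.example"):
        print("WARNING:", finding)
```

The From header is set by the sender, so a message that passes these checks is not thereby proven genuine; a failed check is the useful signal.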

Phishing emails have been around for decades, but they used to be easier to detect. Now, with AI becoming a tool for cyberattacks, they are nearly identical to genuine emails and use the same tone, which makes them challenging to identify.

For instance, Norton scam emails and Geek Squad scam emails will now appear more aligned with the official ones!

Were you able to identify the Microsoft two-step verification scam email? Share with us in the comments section.
