Have you received a two-step verification setup email lately? It's not from Microsoft
Check the domain name to identify scams
3 min. read
Published on
Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more
In recent months, we have witnessed an increase in the Microsoft two-step verification email scams. The scam has been going on for years, ever since Microsoft released two-step verification.
A lot of reports have appeared in Microsoft forums and Reddit detailing such instances. A user recently wrote in the Microsoft Community.
I received an email Action required for two-step verification directed to another email cc’ing my email address asking “Now that you’ve turned on two-step verification (not my email address) make all your apps and devices work with it. If you use any of the following, we’ll help you set them up:” email I don’t recognize. It’s this a scam?
We could find reports from as far back as 2020 highlighting similar instances. Back then, many fell prey to such scams due to a lack of awareness. Here is a user’s experience after clicking on a link in the Microsoft two-step verification scam email.
Today, I unfortunately didn’t look over an email similar to this properly and clicked the link. It opened in Microsoft Edge and immediately the page tab said “you’ve been phished”. I promptly closed the tab, changed my outlook password. About 10 mins afterwards I disconnected from the internet for perhaps 20 mins and decided to run a virus check. Is there anything else I can do to minimse the chances that my computer is compromised?
If you ever come across an email that looks like an attempt at phishing, never click on any links or call the provided numbers. In case you do, scan the PC for malware and change all your passwords.
How can I spot a fake Microsoft two-step verification setup email?
- Verify the sender: Look at the sender’s email ID and verify if it ends with microsoft.com. In case not, it’s a scam email.
- Check the tone: Phishing emails usually have an informal tone. Match it with any other official emails from Microsoft and look for differences.
- Look for grammatical errors: Grammatical errors are common in phishing emails, at least they were until a few years ago. So, if you find any grammatical errors, disregard the scam email.
- Identify if anyone is CC’d: In the cases we observed, the emails were CC’d to other generic email addresses, which is a sign of a scam.
Phishing emails have been out there for decades, but they were easier to detect. Now, with AI becoming a tool for cyberattacks, these are highly identical to the actual ones and use the same tone, making it challenging to identify one.
For instance, Norton scam emails and Geek Squad scam emails will now appear more aligned with the official ones!
Were you able to identify the Microsoft two-step verification scam email? Share with us in the comments section.
User forum
0 messages