Email Address Password Phishing
Home ScamsPhishing Scams Microsoft ‘Unusual Sign-In Activity’ Email Phishing Scam

Microsoft ‘Unusual Sign-In Activity’ Email Phishing Scam

by Brett M. Christensen

This email, which purports to be from the “Microsoft Team”, claims that the company has detected something unusual about a recent sign-in to your Microsoft account.

It asks you to click a link to open your recent activity page and let Microsoft know if the “unusual” sign-in was you or someone else. Supposedly, you’ll get help to secure your account if it wasn’t you.

However, the email is not from Microsoft and the claims about a suspect sign-in are just a trick to get you to click the link. It is a phishing scam designed to steal your account login credentials.

If you do click, you’ll be taken to a fraudulent website that looks like it belongs to Microsoft. Once on the fake site, you’ll be asked to log in with your Microsoft account details.

You’ll then see a message claiming that you have successfully secured your account.  Next, you’ll be automatically redirected to the genuine  Microsoft account login page.

But, in the meantime, the crooks can harvest the information you provided and use it to hijack your Microsoft account. Your Microsoft account login may provide access to several linked services including email, Skype,  OneDrive, and Office 365.

So,  the scammers can now use these services to distribute spam and scam emails, collect and steal your personal information and private files,  and conduct fraudulent transactions and activities in your name.
Phishing scams like this are very common. This video from the Hoax-Slayer YouTube channel gives more information about such scams:

Microsoft has information about recognizing and reporting phishing scams on its support website.

Transcript of the scam email:

From: Microsoft Team
Subject: Unusual Sign-in activity
We detected something unusual about a recent sign-in to Microsoft
account [email address removed]Sign-in details
Country/region: Unted State
IP address:
Platform: Windows 10
Browser: Google ChromePlease go your recent activity page to let us know whether or not
this was you . If this wasn’t you. we’ll help you secure your
account. we’ll trust similar activity in the future.Review recent activity

The Microsoft Security Essentials
Microsoft Team office Center
all rights reserved 2020

Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,