Got an email from Microsoft today (somewhat urgent)

It's a scam. MS never email anybody for such thing.

Check your recent activity to verify.

Sign in to your Microsoft account

topgundcp said:

It's a scam. MS never email anybody for such thing.

I am sorry but I think you are wrong.

These emails can be and sometimes are scams, but in these cases the sender is not an email from a valid Microsoft sender and link does not take to valid Microsoft https site. I have received exactly the same message on various Live, MSN and outlook.com addresses a few times and they have always been valid.

Noticeable is that as OP's last screenshot shows, link in email took to authentic secured Microsoft site.

Microsoft really sends this message when there has been unusual or suspected activity. Last time I got this message when I wanted to share something personal from OneDrive (not shared publicly) with someone in another country who has nor has never had any Microsoft accounts or emails. For some reason he could not download the shared file although I had set sharing not to require a Microsoft account.

As I trust my life in hands of this person, I decided to let him sign in to OneDrive with my credentials and download the file. I first changed password of my outlook.com email to a temporary password and disabled two step authentication as he was waiting on phone, he then signed in to my OneDrive and downloaded the file, me all the time waiting on the phone, and when he was done and signed out I immediately changed my password again and re-enabled two step authentication.

Exactly the same email than in OP's first screenshot arrived not a full day later.

In OP's case I assume that even when checking the message header it reveals it really came from actual Microsoft domain.

Kari

@Kari
OK. Thanks for the correction.

Bree said:

Always look at the full header if you have any doubts about authenticity. 'From' addresses can be spoofed, look at the originating domain to see if it truly came from who it said it did.

True. The problem today is that many scammers use the original message body from real, original messages. It can sometimes be really difficult to say if message is real or fake without checking all available information.

Full header also reveals the real URL in links in email. If link says it's for account management for your Microsoft email account and link really is https://account.microsoft.com (or https://account.live.com), it's a real thing.

An example of a recent email from Microsoft regarding app passwords of one of my Microsoft email accounts. The button to click shows not where the click takes me, but message header as it shows all information reveals that it in fact is a valid, real Microsoft secure site:

jaypels said:

A normal user would have a hard time guessing if the email is legit or not. Sometimes the email looks very legit.

That's what I said in my previous post. Scammers copying and using the original message body, layout, everything, it makes it hard to see if real or fake.

A bit long reply now but as I think this might benefit a user or two, I'll post it:

Using email from my inbox, exactly like the one in your original post as an example, before clicking any links simply bring the pointer on top of the link, not clicking it. Browsers using a status bar at bottom will now show the real URL, the address where you will be taken in statusbar bottom left:

Microsoft Edge does not have statusbar but the link URL should also be seen bottom left. Link text could be anything but the URL shown when you mouse over it is always the one where you would be taken if you click the link.

If for some reason the URL is not shown you can right click the link and copy it:

Now paste it in Notepad (some advice I've seen says paste it in browser addressbar but I do not recommend it because an accidental key press might open the link):

Now you can see if the link URL is real or fake. In the address you'll see protocol (red in screenshot above, usually either http or https, latter being secure), subdomain (blue), domain (green) and top level domain (TLD, yellow).

Subdomain can be whatever, every domain owner can set up any preferred subdomains. Most common subdomain is www. Subdomain www is usually not needed to enter a domain's website, you can browse to TenForums with either tenforums.com without www subdomain or www.tenforums.com with subdomain.

It's enough to be sure link is real if domain and top level domain are real, in this case microsoft.com. Regardless which if any subdomain is shown, that can't be faked: no one else than Microsoft web admins can add subdomains to Microsoft domain.

Kari