This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Good evening,
Our organisation has received a Statement of Account email: it seems that we have 3 payments past the due date, however I am not certain that the email is genuine in the first place.
The email is coming from a WOCSEMEA account and we only received communications from them recently. I have not been able to find information regarding them online.
Is there any way that we can verify if the email is genuine, before making any next steps?
Thank you
Microsoft 365 features that help users manage their subscriptions, account settings, and billing information.
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.
I have also been recieving these emails and have confirmed with microsoft that these are NOT genuine emails from Microsoft, even if they come from the @microsoft.com domain.
I hope this helps
Hi all,
If it is confirmed that this email address is wocsemea@microsoft.com, rather than a non-Microsoft domain email address such as @wocsemea.com, I can confirm that this communication is from Microsoft and it is not a phishing email. I found this email address in my Outlook contact. It indeed originates from Microsoft GFS team.
Kind regards,
Thomas
I have also received an email exactly the same as above.
Mine came from WOCSEMEA(At Sign)MICROSOFT(Dot)COM.
I agree with "Looks like very convincing spam and passed all the DKIM, DMARC, SPF and MS ATP protections we have in place as genuine Microsoft communication."
The info is valid in the email, but I have never received a "Statement of Account".
The Excel file has the releated people:
Author is Ara Krishia Navas (Accenture)
Last modified by Ayesha Banu
Hi Gaia-SC,
Welcome to Microsoft Community.
This does not come from Microsoft's communications. Email domains from Microsoft usually contain the full spelling of Microsoft, such as @microsoft.com or the full spelling of certain Microsoft products, like @onedrive.com.
For example, these email addresses are from Microsoft:
@infomail.microsoft.com
@mail.onedrive.com
@notificationmail.microsoft.com
These email addresses are not from Microsoft:
@onmicrosoft.com
@WOCSEMEA.com
Please do not trust or click on any content in the email you received. Consider starting a new email to ******@office365.microsoft.com and include the phishing email as an attachment instead. We will investigate this email address and block it. Please don't forward the suspicious email; we need to receive it as an attachment so we can examine the headers on the message.
If you have any other questions or want to share more context, please let me know in your reply!
Best Regards,
Thomas C - MSFT | Microsoft Community Support Specialist
We have recently received similar emails but purportedly from:
Global Treasury Financial Services
WOCS-NA@MICROSOFT.COM
The attached excel xlsx SOA has no customer name but only an unrecognized (by us) customer number and a SAP ID, containing negative credits, how does this work? A negative credit is a debit no?
Looks like very convincing spam and passed all the DKIM, DMARC, SPF and MS ATP protections we have in place as genuine Microsoft communication.
| Dear Valued Customer/Partner,<br>Please find attached your current Statement of Account. <br><br>Take a moment to review the details and please confirm the following:<br><ul><li><p>Accuracy of the invoice details including customer name, address, VAT and TAX rate </p></li><li><p>Purchase Order with sufficient funds and approved to cover the mentioned invoice(s).</p></li><li><p>License quantity and pricing matches the quote from the Purchase Order.</p></li><li><p>If you have Azure invoices, please validate the consumption and period of usage against the Azure Portal.</p></li></ul><br><br>Please inform us of any questions or concerns you may have at the email address indicated below.<br><br>To ensure that you comply with the terms of the agreement with Microsoft, any open invoices should be settled on or before the invoice due date. <br><br>Where there are credits on your account, we encourage you to utilize these to offset against any open invoice(s). <br><br>When making a payment, it is essential to include the invoice number(s) and remit details to ensure that the payment correctly matches the corresponding invoice(s). Please refer to a copy of your invoice for Microsoft's banking details<br>Thank you for your continued business. |
|---|
| Regards, <br><br>Global Treasury Financial Services <br>WOCS-NA@MICROSOFT.COM |
| This message from Microsoft is an important part of a program, service, or product that you or your company purchased or participate in. Microsoft respects your privacy. Please read our Privacy Statement..Microsoft Corporation <br>One Microsoft Way <br>Redmond, WA 98052 |