Share via

Suspicious email saying I made a purchase that I didn't make, not even sent to me but in my inbox anyways.

Aeron L 10 Reputation points
2025-07-23T15:00:46.4333333+00:00

I got an email from msonlineservicesteam @microsoftonline.com to receipt @kentsland.com at Tue 7/22/2025 9:30 AM, saying:

Thanks for verifying your Bill*** @shgschoolo.onmicrosoft.com account! Your code is: 432975 Sincerely, Your order of Windows Defender for (555.68𝐔𝐒𝐃) was successfully purchased.If this purchase was not made by you, please contact Microsoft Customer Support Immediately at 1(803)745-4487.

I did NOT make this purchase, and I don't have access to a phone that I can use to call this number. Please help me, or direct me to the correct people, because this was very difficult to find for someone that can't just call the number.

EDIT: Why did the emails get censored??? THIS IS IMPORTANT INFORMATION???? I had to put a space in between the emails to make sure they didnt get censored

Microsoft Security | Microsoft Defender | Microsoft Defender for Office 365

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Homewood Printing 5 Reputation points
    2025-07-23T20:08:05.5466667+00:00

    I got it too. Same exact email.
    It's a SCAM. Report it as Phish. DO NOT CALL that number.
    They have not taken your $556 but they will try if they can talk to you in person.

    I viewed the metadata and it looks like the sender's IP address is 52.103.202.24.
    If you're nosey like I am you can check it out at whois dotcom.

    Was this answer helpful?

    3 people found this answer helpful.
  2. Rob Koch 25,875 Reputation points Volunteer Moderator
    2026-01-27T20:44:06.8066667+00:00

    These phishing scams using the microsoftonline.com domain have existed for years, while the true confusion is that the typical consumer has no idea that this domain is used by most Azure-based 3rd-party work or school accounts intended for business, enterprise, or education customers as the AI description I received when I asked this question indicates in the text below my name in this post.

    The reason that scammers abuse this valid Microsoft domain is simple, Microsoft must maintain the domain to allow their business customers not having their own private domain to support functions like email or public websites, which means the domain must be valid and functional for these purposes, but that inherently creates the unintended ability that allows this potential abuse to occur.

    The ways to detect that these emails are scams are universal and simple, since beyond the often badly faked text, supposed 'Code #', obviously incorrect logos, exorbitant prices for often non-existent products, or other items these invariably contain, the simple presence of a phone number for you to contact the scammers is the most obvious tell, since Microsoft simply doesn't normally do business via the phone, so its presence clearly identifies the entire communication as a scam.

    The following document outlines the requirements for a consumer to potentially reach support via phone, which you'll notice is quite specific and relatively difficult, so of course they'd never include such a phone number when contacting a customer, which anyone working in a business, enterprise or education or having a background in IT support knows, while most consumers don't.

    Microsoft 365 Customer Service and Support - Microsoft Support

    So, if an email, browser popup, or any other message supposedly sent from Microsoft contains a phone number to call. you can report it as phishing/spam if you wish and then simply delete it, since it's obviously a scam. Always.

    Rob

    ---------- AI generated description of microsoftonline.com domain ----------

    Overview of @microsoftonline.com

    The @microsoftonline.com domain is primarily associated with Microsoft’s enterprise services. It is used for work and school accounts, particularly for users accessing Microsoft 365 Business, Enterprise, or Education plans.

    Key Features

    Enterprise Identity Management: This domain serves as the entry point to Microsoft's enterprise identity platform, known as Microsoft Entra ID.

    Security Protocols: It supports Single Sign-On (SSO) and strict multi-factor authentication (MFA), ensuring enhanced security for organizational accounts.

    Access to Services: Users can log in to various Microsoft services, including:

    • Corporate email
      • Azure portal
        • SharePoint
          • Microsoft Teams (business edition)

    Comparison with Other Microsoft Domains

    Domain Purpose User Type
    live.com Personal accounts Individual users
    live.com Personal accounts Individual users
    microsoftonline.com Work and school accounts Business and educational users
    microsoft.com Central access and product information General public

    Was this answer helpful?

    1 person found this answer helpful.
    0 comments
  3. Ensar Tahic 5 Reputation points
    2025-07-23T19:55:59.8533333+00:00

    Actually wanted to add up that I have received exactly the same email like you did. I have uploaded a picture of the email and information about it.

    IMG_0179

    IMG_0180

    Was this answer helpful?

    1 person found this answer helpful.
    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.