What our user receive an email from Microsoft <******@email.microsoft.com>

Question

What our user receive an email from Microsoft <******@email.microsoft.com>

IM ADMIN 0

Our user received an email claimed from Microsoft <******@email.microsoft.com> with Subject: 以下是您向 Microsoft 索取的電子書 and this email contains a URL https://emails.microsoft.com/dc/pTEFlGZ9Q3ITrVt7_I2wJfSaXP4fVmu5GQerBk9DuUsLO_76aFr3sJnEYiRai4CvnYfnlEMem0zTvkk-FR8H519fpTe28gEV8_Pjwi-oAFSdIPtRs6mABIpKoW5Bsv6X/MTU3LUdRRS0zODIAAAGO4WTzDttCb0sJgoywdmVphClTcyywENFbNRRfe_Nvs9G1mZqWwouz1kzbJnD_ld_DLoz1Lc4=

But our user DID NOT make any request from Microsoft, it seems that this is a spoof email.

Anonymous

2023-10-20T09:28:24.8766667+00:00

@IM Admin If the information provided previously is helpful, you could consider accepting the answer. If you still have concerns later, you can reply to the comment at any time.
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

2 answers

Your answer

Anonymous

2023-10-20T09:28:24.8766667+00:00

@IM Admin If the information provided previously is helpful, you could consider accepting the answer. If you still have concerns later, you can reply to the comment at any time.
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

Answer 1

Anonymous

Hello @IM ADMIN

Yes, this is most likely a spoofed phishing email. Please do not click on the URL or provide any personal information before verifying its authenticity to prevent any loss. Typically, you can view the details of a message through a Message Header Analyzer.

Paste the message headers into the field provided and click Analyze headers to produce the report.

https://learn.microsoft.com/en-us/connectivity-analyzer/message-header-analyzer

In addition, you can also refer to: Protect yourself from phishing

Regards

Shaofan

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

IM Admin 0 Reputation points

2023-10-20T07:51:46.4566667+00:00

Dear Shaofan,

After checking the mail header, the message was sent from IP 199.15.214.202 bounce4.email.microsoft.com with sender @bounce4.email.microsoft.com. The message was passed all SPF, DKIM & DMARC verification i.e. spf=Pass smtp.mailfrom=@bounce4.email.microsoft.com; dkim=pass (signature verified) header.i=@email.microsoft.com; dmarc=pass (p=reject dis=none) d=microsoft.com

I also find a page from Microsoft https://info.microsoft.com/ww-landing-essential-guide-to-bring-your-own-pc.html?LCID=en-HK that allow ANYONE input 3rd party email address. Is it normal?

Regards,

IM Admin
Anonymous

2023-10-20T08:18:56.3166667+00:00

Hello @IM Admin

After opening this link, it is actually inconsistent with the link you provided and has nothing to do with Microsoft.

Actually:

<< I also find a page from Microsoft that allow ANYONE input 3rd party email address. Is it normal?

If this is what you are referring to, then this is normal.

The domain name of the message also does not seem to satisfy the following three types supported by Microsoft:
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

Answer 2

Based on the information provided in the context, if the email claims to be from Microsoft but is being sent from another email domain, it is likely a phishing scam. Spoofed senders in messages might trick the recipient into selecting a link and giving up their credentials, downloading malware, or replying to a message with sensitive content. Users should always use caution, and perform due diligence to determine whether the message is a phishing email message before taking any other action. Start by hovering the mouse over all email addresses, links, and buttons to verify that the information looks valid and references Microsoft. Users can also analyze the message headers and message tracking to review the "spam confidence level" and other elements of the message to determine whether it's legitimate.

In this case, the email address ******@email.microsoft.com seems to be a legitimate Microsoft email address. However, if the user did not make any request from Microsoft, it is possible that this is a spoof email. Therefore, the user should exercise caution and verify the legitimacy of the email before taking any action.

References:

Share via

What our user receive an email from Microsoft <******@email.microsoft.com>

2 answers

Your answer