This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 16%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWC%3C/text%3E%3C/svg%3E)
Dear Microsoft Support Team,
I hope you are well.
I recently received an email claiming that a BTC payment of $589.99 was successfully processed, along with an invoice number and a customer support phone number. The message appears suspicious due to unusual formatting, inconsistent wording, and a request to call a phone number for assistance.
I would like to confirm whether this email is legitimately associated with Microsoft or if it is a phishing or spam attempt.
For your reference, the email includes the following details:
Invoice number: KIRE5160
Amount: 589.99 USD
Date created: March 2, 2026
Mentions BTC payment via PayPal
Provides a support phone number: (803) 443-6955
Please let me know whether this message is authentic or if I should report and delete it.
Thank you for your assistance.
Best regards,
Winnie Chong
A suite of security solutions designed to protect identities, devices, and data across organizations. Including Intune, Entra, Authenticator, Windows Autopilot, Microsoft Defender, and more, it offers advanced threat protection, compliance management, and secure access to resources.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 38%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMP%3C/text%3E%3C/svg%3E)
This email is almost certainly a phishing or scam attempt and is not legitimately associated with Microsoft.
There are several strong red flags. Microsoft does not process payments in Bitcoin for standard consumer invoices, and it does not combine “BTC payment” with “via PayPal,” since those are entirely different payment systems. That inconsistency alone is a major indicator of fraud. The amount ($589.99) is also typical of scare-tactic invoice scams designed to trigger urgency and panic.
Another common phishing pattern is including a fake invoice number and urging the recipient to call a “customer support” phone number. The goal is to get you to call the number, where scammers attempt to extract personal information, payment details, or remote access to your computer. Legitimate Microsoft billing communications do not rely on random outbound invoice emails asking you to call a generic phone number, especially not for cryptocurrency payments.
The unusual formatting and inconsistent wording you noticed are also typical of scam emails. Official Microsoft emails are professionally formatted, use consistent branding, and direct users to log in to their official account at microsoft.com rather than calling an arbitrary number.
You should not call the phone number and should not reply to the email. Do not click any links in it. The safest action is to report it as phishing through your email provider’s reporting feature and then delete it. If you are concerned, independently log in to your Microsoft account by typing the official website address directly into your browser to verify your billing history. Do not use any links provided in the suspicious email.
Based on the details you provided, this message is not authentic and should be reported and deleted.
If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.
hth
Marcin
Thank you for your reply. I have reported the email as spam accordingly.
This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.