Share via

I got an email from the official microsoft email saying that an account that isn't mine has been compromised

Hannah I 0 Reputation points
2026-03-15T21:09:06.2633333+00:00

Do I just ignored it? Has someone spoofed the address? Can that happen? What's going on here?

Outlook | Web | Outlook.com | Account management, security, and privacy
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. EmilyS726 222.1K Reputation points Independent Advisor
    2026-03-15T21:44:21.06+00:00

    Hello,

    Is it from an email domains ending in @accountprotection.microsoft.com

    If so, yes, the email itself is legit, but since it doesn't reference your account, it can mean that someone else might have left your email address as contact, typically due to typo.

    0 comments
  2. Q&A Assist
    2026-03-15T21:09:16.8533333+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    Yes, the address can be spoofed, and the message should not be trusted or acted on until its legitimacy is verified.

    Key points and actions:

    1. Phishing and spoofing are common
      • Phishing emails often pretend to be from Microsoft and may even show what looks like an official Microsoft address.
      • Some deceptive emails use a “spoofed” source address to fool recipients into thinking the message is legitimate.
    2. How to check if the message is suspicious
      • In Outlook/Outlook.com, check for warning indicators:
        • A “?” in the sender image means Outlook cannot verify the sender using email authentication. Treat such messages with caution, especially if the sender is unexpected.
        • A “via” tag under the sender name (for example, From: Someone <******@contoso.com> via suspicious.com) indicates the actual sending domain differs from the visible From address. If the sender is not recognized, be cautious.
      • Hover over links and buttons (without clicking) and verify that the URLs and domains look valid and reference Microsoft, as recommended for suspicious “Microsoft account security alert” emails.
    3. What to do with the email
      • Do not click any links, open attachments, or provide credentials or personal data directly from the email.
      • If the email claims an account was compromised but it is not an account that is used, treat the message as suspicious.
      • If there is any concern that it might be about a Microsoft account actually used, go directly (by typing the address in the browser, not via the email link) to official pages such as the Microsoft account Security basics page or the recent activity page to review sign-ins and secure the account.
    4. If unusual activity is ever seen on an account actually owned
      • Sign in to the Security basics page and select Review activity to check recent sign-ins and mark anything that was not done as This wasn’t me or Secure your account.
      • Change the password from the Security basics page if there is any suspicion of unauthorized access.

    If, after checking, the email clearly refers to an account that is not owned and shows spoofing indicators, it can be safely ignored and deleted.

    References:

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.