Security info replacement

Question

Someone started a process to replace all of the security info for the Microsoft account [li********@sympatico.ca] with the following info:[******@gmail.com].

If this was you, click the button below to bypass the waiting period by using your existing security info.

If this wasn't you, someone else might be trying to take over [li********@sympatico.ca]. Click here and we'll help you protect this account.

If you don't recognize the Microsoft account [li********@sympatico.ca], you can click here to remove your email address from that account.

Thanks,

The Microsoft account team

Is this from Microsoft or is this phishing, trying to control my Microsoft account.

My daughter is Lianne. She clicked on the link, unfortunately.

If it is fraud, what can I do now to prevent loosing control of my account.

Thanks

Robert Chagnon

<PII>

Answer 1

Hello,

These links seem to be legitimate.

A legitimate email from Microsoft regarding your account always comes from domains ending in @accountprotection.microsoft.com Can you confirm if that's the case?

Answer 2

The message describes a real Microsoft security-info replacement process, but there is no way from the text alone to confirm whether the specific email received was genuine or a phishing copy. Treat the situation as a possible account-compromise attempt and secure the account immediately.

Take these steps now:

1. Do not click any more links in that email
   • Access the account only by typing https://account.microsoft.com or https://account.live.com directly into the browser, not via the email.
2. Check if a security-info change is pending
   • Sign in to the Microsoft account security page: https://account.live.com/proofs/Manage (type it manually or use a trusted bookmark).
   • If the account shows “Your security info change is still pending” or “You can’t access this site right now”, it means all previous security info was removed and replaced, and a 30‑day restriction is in place.
3. If the family initiated the change (legitimate scenario)
   • On the Your security info change is still pending window, select cancel this request and follow the prompts. This uses the existing/old security info to stop the replacement.
   • This is only appropriate if the change was started intentionally and the existing security proofs (old email/phone) are still accessible.
4. If the change was not initiated by the family (likely compromise)
   • On the same Your security info change is still pending window, select let us know near the bottom and follow the prompts. This flags that someone else tried to change the security info and starts the “unauthorized change” flow.
   • This is specifically for cases where someone else might be trying to take over the account.
5. Review and correct security info (if access is still available)
   • If sign-in is still possible and verification codes can be received on a known, trusted method:
     1. Go to the Advanced security options page (from the account security area).
     2. Select Add a new way to sign in or verify and add a trusted email/phone.
     3. Confirm it by entering the code sent to that new method.
     4. Expand any security info entries that are not recognized and select Remove, then confirm.
   • Avoid removing all security info at once; doing so can put the account into a 30‑day restricted state.
6. If all security info is lost but the password is known
   • Start sign-in to the Microsoft account.
   • At the Verify your identity prompt, select I don't have any of these.
   • Follow the instructions to replace the security info.
   • After replacement, there will be a 30‑day wait before full sign-in is allowed. During those 30 days, if the old security info is recovered, it can still be used to sign in, but doing so cancels the update.
7. If the password is also at risk or unknown
   • Use the Microsoft account recovery process:
     1. Review Help with the Microsoft account recovery form.
     2. Submit the Account recovery form from a device and location commonly used with the account.
   • If two-step verification was enabled and none of the alternate methods are accessible, support cannot reset the account; this is by design to protect account contents.
8. Treat this as a possible hack and follow the hacked-account guidance
   • Use the How to recover a hacked or compromised Microsoft account guidance and the sign-in helper tool. These will:
     • Walk through confirming ownership.
     • Help remove attacker-added aliases/security info once access is restored.
9. Educate and prevent future issues
   • Explain to the daughter that any email about security changes should be verified by signing in directly to account.microsoft.com rather than clicking links.
   • Consider enabling two-step verification on the account once it is fully secured, and ensure at least two or three trusted security methods (e.g., phone, alternate email, Authenticator app) are configured so that access is not lost if one method is compromised.

---

References:

• What does “Security info change is still pending” mean?
• Troubleshoot Microsoft verification code issues
• Help with the Microsoft account recovery form
• How to recover a hacked or compromised Microsoft account
• How to use two-step verification with your Microsoft account
• My account got hacked. - Microsoft Q&A
• Please confirm my e mail address as <removed PII>@outlook.com - Microsoft Q&A