is it legit?

[Metalrocks]

just got this email today. this is the address of the sender:
[email protected]

Microsoft account
Security alert

We think that someone else might have accessed the Microsoft account ni*****@gmail.com. When this happens, we require you to verify your identity with a security challenge and then change your password the next time you sign in.
If someone else has access to your account, they have your password and might be trying to access your personal information or send junk email.
If you haven't already recovered your account, we can help you do it now.
Recover account

Learn how to make your account more secure.
Thanks,
The Microsoft account team

 

[SnowyGamester]

Maybe, maybe not. Did you have to answer security questions and change your password when you logged in? Does the hyperlink on "Recover account" lead to a legitimate URL related to Windows Live or Microsoft accounts? If not, it's a scam. Otherwise just change your password. Or change your password anyway. If you use the same password for other accounts and one was compromised someone could easily gain access to your Microsoft email account. You could also have a malware infection that led to someone attempting to gain access to your account. Or maybe someone was just trying to log in with a bunch of potential passwords and it was locked down to prevent access. I had a similar message recently that was legit (both the email and message on login, though not sure of the exact cause) which led me to change literally all of my passwords to be unique using an easy to remember algorithm based on the name of each service an account/password was tied to. No more reused passwords.

Wait is that a GMail account? I know you can use a GMail account as a recovery option or redirect from a Microsoft based email/account but I don't think there's a way to have your Microsoft login be your GMail account. Methinks this is dodgy. edit: Nope. Apparently this is possible when you first sign up, though if you didn't do that then it's a fake.

 

[Frezzato]

Microsoft doesn't contact you unless you contact them first. Have you tried to contact them lately? If not, then delete that email immediately.

Also, if you're using gmail, make sure you have multi-step verification active. It can be a hassle sometimes, but it's really worth it. The same goes for any email provider you use.

 

[DoPo]

just got this email today. this is the address of the sender:

Ignore that address. It actually means nothing at all. I'm serious - it's trivial to change it to whatever you want - I can send email from "[email protected]", if I want. So it's never a good idea to trust it.

With that said, that email is, by itself, cannot tell me whether it's a scam or not. It could be real - who knows. I've gotten similar email from Google (Gmail related) and they were legit. I've also received a lot of emails from "Blizzard" (Battle.net account related) and they weren't.

Do you have a Microsoft account? If you don't, I'd hazard a guess that it's not real.

Actually...wait, hold on - why would your Microsoft account be @gmail.com? Can you even have that? I wouldn't have thought so.

At any rate, check the links in the email - I assume that "Recover account" is a link - hover over it to see what address it points to. If it's not something from Microsoft, then, it's most likely a scam. And beware - the domain name has to be official - the domain name is in the form of "something.com" (or .net, or whatever), everything before it is called a subdomain. I'll use the the sender from the email as an example:

account.microsoft.com

the bolded is the subdomain. It is entirely arbitrary, unlike the domain part - so if you see something like

microsoft.someunrelatedname.com

it most certainly isn't actually Microsoft official.

There is another way to check the validity of an email, but it's more technical: you can open and view all headers. How to actually do it, depends on what you're viewing the email in, but it would most likely be possible. The headers of the email contain various technical information that you're not usually interested in - like when was the email received at various points of its travel. The sender is also just a header, which anybody can set, given some amount of freedom over the email (if you're just writing one from an email client, then it's probably just set for you, you can just change the email boy). At any rate, you can find some more information there, like where the email was actually send from. This can't really be changed, but it could be obfuscated a bit.

At any rate, assuming you do have a Microsoft account, you could always ignore the link in the email and log into it as usual, then change your password or something.

 

[Metalrocks]

thanks for the fast reply. no,i dont have a ms account. i do have gmail, which i linked to win live mail 2012 but thats it.
and no i havent clicked on the link in case its fake and i end up opening a door for someone unwanted.

 

[Metalrocks]

ok, i have clicked on the link with my tab (since i have no person stuff on it since its strictly for work only) and it linked me to a MS site which required me to log in. but as i stated above: i do not have an MS account. never the less, i did change my password just in case.