Scammers impersonate Microsoft to target Hotmail users with dodgy emails

Discover how to spot and report scam emails
Tali Ramsey

Scammers are impersonating Microsoft in dodgy emails which tell recipients that they must update their Hotmail password.

Email scams are very common at the moment, and Microsoft is the latest tech company to be impersonated by fraudsters. Just last week, we reported on scammers sending out fake ‘locked Apple ID’ emails.

Read on to learn more about how this scam works, and for advice on reporting dodgy emails.

Sign up for free Which? scam alert emails to find out about the latest scams news and advice.

Microsoft scam email

This email opens with: ‘Dear user, Your Microsoft Mail account will be replaced by our new version.’ It includes an imminent ‘closure’ date and tells you to ‘update and protect your account’ within 24 hours.

The scammers use Microsoft’s logo to add a sheen of authenticity, but there are some clear signs that this email is dodgy.

  • The sender name (mscafaru@hotmail.com) doesn’t look like a genuine Microsoft email address.
  • Most companies will address their customers by name, so emails opening with ‘Dear user’ or ‘Dear customer’ should arouse your suspicions.
  • The email gives you 24 hours to click a link to ensure you don’t lose access to your account. You should be suspicious of clickable links in unsolicited emails, especially if the message demands that you take imminent action.
  • The email is clumsily composed. It contains several different fonts, text sizes and colours, and doesn’t look as professional as you’d expect from a genuine Microsoft message.

How the scam works

If you click the link on this email, it will take you to a website where you’ll be asked to click another link to ‘verify your account.’

You’ll then be sent to another webpage that uses fake Hotmail branding and asks you to enter your email address and password. This page includes a ‘Weebly’ logo. Weebly is a hosting service that allows people to build their own websites for free. 

If you enter your details, you’ll be giving the scammers access to your emails.

A fake website phishing for your Hotmail log in details
A fake website phishing for your Hotmail login details

Microsoft told Which?: ‘This is not a genuine communication from Microsoft. Unfortunately, the names of reputable companies like Microsoft are often used fraudulently to lull victims into a false sense of security.  Our customers are often targeted by criminals who are always seeking new and increasingly sophisticated ways to deceive their victims. The best way to report these scams, if you wish to do so, is via the Action Fraud website.’

Avoiding and reporting scam emails

If you receive an unexpected email from a brand, don’t click on any links. Instead, log in to your online account yourself to see if you have any genuine notifications.

If the sender’s email address looks suspicious, navigate to the brand’s website or use a search engine such as Google to check if the address is a genuine one.

You can forward suspicious emails to report@phishing.gov.uk. You can also report them to your email provider by selecting ‘Report Spam’ on Gmail, ‘Report phishing’ on Hotmail or by forwarding the email to abuse@yahoo.com on a Yahoo account.

More on this

Related articles