Microsoft Account Suspended Email Scam: UK Guide to Spotting Fake Messages
Scammers impersonate Microsoft to trick you into revealing your password and personal information through fake account suspension warnings.
What is this scam?
The Microsoft account suspended email scam targets UK users with urgent-sounding messages claiming their account has been locked, compromised, or will be deleted. The scammer uses Microsoft branding, logos, and official-looking design to create a convincing fake email. They claim you need to verify your identity immediately by clicking a link, entering your password, or confirming personal details. The email might mention suspicious activity, an unusual sign-in location, or overdue payment to create panic. Once you click the link, you're taken to a fake Microsoft login page (often with a URL that looks almost genuine but isn't). When you enter your details, the scammer captures your email address, password, security questions, recovery phone number, and sometimes payment card information. This access allows them to lock you out of your real account, reset your password, steal data, send emails from your account, or make unauthorised purchases.
Warning signs to look for
['- The email asks you to click a link to verify your account or confirm your identity — Microsoft rarely does this via email.', "- The sender's email address looks almost right but isn't (e.g., microsft-verify@mail.com or support-microsoft@domain.co.uk instead of microsoft.com).", "- The email uses vague language like 'suspicious activity detected' without specifying what happened or when.", "- There's extreme urgency: phrases like 'verify within 24 hours' or 'your account will be deleted' designed to make you panic.", '- The email asks for your password, recovery email, phone number, or payment card details — Microsoft never asks for these via email.', '- Spelling or grammar mistakes appear in the message, especially in headings or action buttons.', "- The link in the email doesn't go to a real Microsoft domain when you hover over it (right-click and select 'Copy link address').", "- The email doesn't address you by name or uses a generic greeting like 'Dear User' or 'Dear Customer'."]
How this scam works step by step
The scam begins when you receive an email that looks like it's from Microsoft, often arriving in your inbox alongside legitimate emails to avoid immediate suspicion. The subject line creates urgency — 'Your account has been suspended' or 'Confirm your Microsoft account now'. You open the email and see Microsoft logos, formatting that matches genuine Microsoft emails, and a message claiming something is wrong with your account. The email includes a button or link saying 'Verify Account', 'Confirm Identity', or 'Review Activity'. When you click the link, you're taken to a fake website that mirrors the real Microsoft login page perfectly. You enter your email address and password, thinking you're logging into Microsoft. The page may then ask for additional information: your recovery email, phone number, date of birth, or payment card details for 'account verification'. Once you've entered your details, the page either shows an error message (to avoid suspicion) or pretends to succeed. Behind the scenes, the scammer now has your credentials. They log into your real Microsoft account, change the password, add a recovery email they control, and lock you out. They can then reset passwords for linked services like Outlook, OneDrive, Skype, or Xbox, steal your data, or use your account to send phishing emails to your contacts.
How to verify if it is genuine
Never click links in emails claiming your Microsoft account has been suspended. Instead, go directly to microsoft.com by typing it into your browser address bar yourself. Log in with your password, then look for any genuine alerts in your account dashboard. If there's a real issue, Microsoft will show it here without asking you to re-enter your password. Check the sender's email address carefully by clicking on their name in the email — genuine Microsoft emails come from @microsoft.com, @outlook.com, or @xbox.com addresses only. Hover over any links (don't click) and look at the URL in the bottom left of your screen — it should start with microsoft.com. If it says something else, it's fake. Microsoft will never ask for your password, recovery email, phone number, or payment details via email. If the email asks for these, it's definitely a scam. You can also check if others have reported the sender by searching the email address online or checking trusted security websites. For guidance on spotting fake websites, see our guide on /guides/is-this-website-a-scam/.
What to do if you have already interacted
If you clicked the link but didn't enter any details, you can stop here — no action is needed. If you entered your Microsoft password on the fake page, change your password immediately by going to account.microsoft.com in your browser and signing in with your current password. Click 'Security' on the left, then 'Change password' and create a strong new password that you haven't used anywhere else. If you also shared your recovery email or phone number, add a new recovery email or phone through the same security settings to prevent the scammer from locking you out. Check your account activity for any unauthorised sign-ins: go to account.microsoft.com, click 'Security', then 'View your activity'. If you see sign-ins from locations you don't recognise, sign out all other sessions immediately. If you entered payment card details, contact your bank straight away on the number on the back of your card (not a number from your email) to report the potential fraud and ask them to monitor your account or cancel the card. Review any linked accounts (Gmail, Apple, Amazon) and change those passwords too if you use the same one. Then follow the reporting steps below.
Reporting this scam in the UK
Report the email to Action Fraud, the UK's national fraud reporting centre, by calling 0300 123 2040 or visiting actionfraud.police.uk. You'll need to describe what happened, the date you received the email, and any details about the scammer's email address or the website you visited. Forward the suspicious email to the NCSC (National Cyber Security Centre) by sending it to report@phishing.gov.uk — just forward the entire email as an attachment. They use reports to take down fake pages and warn other users. If you received the scam email through your work or organisation, also report it to their IT security team so they can block similar emails for other staff. You can additionally block the sender in your email client (Outlook, Gmail, etc.) by right-clicking the email and selecting 'Block Sender'. Report your Microsoft account as compromised by visiting account.microsoft.com and clicking on 'Security' — Microsoft can investigate and help protect your account. If you're unsure about next steps or want support, call Citizens Advice consumer helpline on 0808 223 1133 (free, weekdays 9am–5pm).
Frequently asked questions
Is Microsoft itself a scam, or is this just criminals pretending to be Microsoft?
Microsoft is a legitimate company — this scam is criminals impersonating them via fake emails. Real Microsoft emails rarely ask you to click links to verify your account. If you're ever unsure, always go to microsoft.com directly in your browser address bar instead of clicking email links.
I already gave the scammers my Microsoft password and they logged in. What happens now?
Change your Microsoft password immediately by going to account.microsoft.com and signing in with your current password. Then check your account activity for unauthorised sign-ins and sign out all other sessions. If you used the same password elsewhere, change those passwords too. Contact your bank if you entered payment details. The scammer can't keep accessing your account once you've changed the password, but act quickly before they lock you out or change the recovery details.
The fake email said my account would be deleted in 24 hours if I didn't verify. Why do scammers use this deadline pressure?
Scammers use urgent deadlines to stop you thinking clearly and checking whether the email is genuine. They know that if you pause and go to microsoft.com directly, you'll realise there's no actual problem and you'll ignore their email. The 24-hour threat is fake — your account won't be deleted. Genuine Microsoft alerts don't use extreme pressure tactics or demand instant action via email.
How do I report a Microsoft phishing email if I've already deleted it?
If you've deleted the email, you can still report the sender's email address to Action Fraud on 0300 123 2040 or actionfraud.police.uk. Tell them the approximate date you received it and describe what the email said. You can also report the email sender to the NCSC at report@phishing.gov.uk — if you don't have the email, describe the sender's address and the fake website they linked to. Both organisations will investigate and work to shut down the scam.