Microsoft scam warning: fake Outlook ‘upgrade’ email

A mobile handset showing a scam warning

Microsoft scam warning as a fake email instructing you to ‘reactivate’ your Outlook email account following an ‘upgrade’ is circulating. Here’s what it looks like.

A Microsoft scam is doing the rounds. Fake emails claiming to be from Microsoft’s ‘customer support’ could hijack your email account and steal sensitive personal data.

Here’s how to spot a scam if you receive anything suspicious. Plus we reveal what the Microsoft scam email looks like and how you can avoid falling victim.

What is a phishing scam?

The go-to tactic of scam phishing emails is to create a sense of panic that rushes you into taking action. And this fake email claiming to be from Microsoft is no different.

These emails are attempting to worry you into clicking on a link that could request your sensitive personal information, such as the password to your email account.

What’s in the fake Microsoft email?

An example of a Microsoft scam email

This email has arrived in the recipient’s inbox with the sender appearing only as ‘customer support’. It has also been sent to two convincing-looking email addresses in an attempt to appear legitimate.

It begins by informing the potential victim that this is a ‘final reminder’ and immediately addresses the recipient as ‘Microsoft User’. These are the first signs that everything isn’t as it seems.

The email goes on to claim that your ‘messages were placed on hold’ due to a ‘new upgrade to our database’. However, if you receive this, you won’t have experienced any issues as the claim is fraudulent.

Microsoft/Outlook has nothing to do with this message and wouldn’t be closing ‘old versions’ of its service in this way. The email is attempting to get you to click through to a website designed to extract your sensitive personal information.

This could include your email login details or even your payment information.

How can I spot a fake Microsoft/Outlook email?

Creating a sense of urgency and addressing a recipient in a generic way are both common signs of fake emails. If you’ve received an email out of the blue instructing you to take a certain action, take the time to assess all of its claims.

Investigate the email address it’s been sent from. And look at the URL of any links it’s attempting to send you to before you click on them. If the web address is anything other than or, alarm bells should ring. If it appears suspicious, don’t engage with it.

I think I’ve been scammed by a fake Microsoft/Outlook email. What should I do?

If you think you may have entered sensitive information – such as your bank or card details – into a third-party site you were taken to by a suspicious Microsoft/Outlook email, you must let your bank know what’s happened via its official channels immediately.

Most of the big banks are signed up to the Stop Scams UK scheme, so alternatively you could call the 159 hotline.

You can report a scam and hopefully get your money back. Your bank should work with you to cancel your card, block any pending payments (if required) and refund the money you’ve lost.

You should also then keep an eye out for any follow-up scams that could occur if you’ve given any contact details away to fraudsters. Treat any contact you receive out of the blue with caution.

Securing your account with two-factor authentication

You can guard against fraudsters from accessing your account via your password by ensuring you have two-factor authentication enabled on your account.

This will apply an extra layer of security to your account by generating codes that only you have access to via your own devices. Read Microsoft’s guide to setting up two-factor authentication.

How can I report Microsoft/Outlook scam emails?

Fake emails can be marked as junk and reported to Microsoft from within Outlook itself. Above the reading pane (the window in which the email text appears), select Junk, then Phishing, then Report.

Fraudulent emails and phishing websites can also be reported to the National Cyber Security Centre at [email protected]. Action can then be taken to remove these websites.

If you’re going to warn friends and family about a scam, send them a screenshot instead of forwarding suspicious emails directly.

A spokesperson for Microsoft said: “Unfortunately, the names of reputable companies like Microsoft are often used fraudulently to lull victims into a false sense of security. Our customers are often targeted by criminals who are always seeking new and increasingly sophisticated ways to deceive their victims. The best way to report these scams, if you wish to do so, is via the Action Fraud website.”