[German]It is well known that Microsoft closes user accounts if they have not been used for a long time. It is also well known that phishers try to lure victims with "account closure" mails to sites that harvest credentials. What becomes toxic, however, is a combination where Microsoft itself warns about closing an account due to inactivity, but sends these mails to the wrong recipients. These are probably only a few cases, but they will cause those affected either to delete the mail without further thought as a "phishing attempt" or to wonder what Microsoft is doing.
Inactive Microsoft accounts are closed
Microsoft is pushing its online accounts (Microsoft accounts) on people for all it is worth. Every Windows user is virtually forced to have a Microsoft account. Yesterday, when I created a Skype user account for my daughter with a Gmail address, I was also greeted with a "Microsoft account". So far, so normal in the Microsoft cosmos.
From phishers …
Of course, phishers take advantage of this fact and send mass emails to potential victims with a notification that a Microsoft account will be closed. If you happen to have a Microsoft account and rarely use it, you may start to panic. Conveniently, the phishing email also contains a link to log in to the account briefly in order to avert the deactivation.
However, this link leads to a page run by the phishers. If the victim enters his or her credentials there, the criminals harvest them and use them to hijack the account. In the Microsoft Answers forum, this mail is classified as phishing. Malwaretips.com has also published a blog post, Fake "Your Account Is Set To Close" Microsoft Email Scam, on the subject.
There are recommendations saying that Microsoft always addresses such mails personally, i.e. not "Dear Sir or Madam" but with the name stored in the account.
In the end, when you receive such a message, you will either delete it immediately, or you will have to analyze the content and the target links more closely to confirm whether it is a phishing attempt or not. This includes looking at the header of the email to see if it really comes from Microsoft. Up to this point, everything is still fine, although it is unpleasant to be bothered with something like this.
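The header and link check just described, as an added Python example that is not part of the original post: it reads the Authentication-Results header the receiving mail server adds (SPF/DKIM/DMARC verdicts), checks the From domain, and flags any sign-in link whose host is not under microsoft.com. The two sample messages and the trusted-domain values are constructed assumptions, not Microsoft's real sending infrastructure.

```python
import re
from email import policy
from email.parser import BytesParser
from urllib.parse import urlparse

# Assumption: sender domain and link domain we accept as Microsoft's own.
TRUSTED_SENDER_DOMAINS = {"microsoft.com"}
TRUSTED_LINK_DOMAIN = "microsoft.com"

# Constructed sample: a genuine-looking notice after mx.example.net added Authentication-Results.
SAMPLE_LEGIT = b"""Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=microsoft.com;
 dkim=pass header.d=microsoft.com;
 dmarc=pass header.from=microsoft.com
From: Microsoft account team <noreply@microsoft.com>
Subject: Your account is scheduled for closure on 3/27/2023
Content-Type: text/html; charset="utf-8"

<p>Sign in again by 03/27/2023.</p>
<a href="https://support.microsoft.com/account-activity-policy">Click here</a>
"""
# Constructed sample: spoofed From, failed authentication, sign-in link on a foreign host.
SAMPLE_PHISH = b"""Authentication-Results: mx.example.net;
 spf=softfail smtp.mailfrom=bulk.example.org;
 dkim=none; dmarc=fail header.from=microsoft.com
From: Microsoft Account Team <noreply@microsoft.com>
Subject: Your account is set to close
Content-Type: text/plain; charset="utf-8"

Sign in now to keep your account: https://login-verify.example.org/ms/
"""

def auth_results(msg):
    """spf/dkim/dmarc verdicts collected from the Authentication-Results header(s)."""
    text = " ".join(str(h) for h in msg.get_all("Authentication-Results", []))
    return dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", text))

def link_hosts(msg):
    """Hostnames of every http(s) URL in the preferred body part."""
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    return [urlparse(u).hostname for u in re.findall(r"https?://[^\s\"'<>]+", body)]

def triage(raw):
    """Apply the checks from the post: authenticated sender, trusted From domain, trusted links."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    from_domain = msg["From"].addresses[0].domain.lower()
    results, hosts = auth_results(msg), link_hosts(msg)
    suspect = [h for h in hosts if h != TRUSTED_LINK_DOMAIN and not h.endswith("." + TRUSTED_LINK_DOMAIN)]
    authenticated = results.get("dkim") == "pass" and results.get("dmarc") == "pass"
    genuine = authenticated and from_domain in TRUSTED_SENDER_DOMAINS and not suspect
    return {"from": from_domain, "auth": results, "suspect_links": suspect, "genuine": genuine}
```

Note that the spoofed sample still carries a microsoft.com From address; only the authentication verdicts and the link host give it away, which is why the display name alone proves nothing.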
… and Microsoft's failed notifications
German blogger Martin Geuß from Dr. Windows has now uncovered cases where Microsoft sends an email notifying of an account deletion that is incorrect and probably even goes to the wrong people. He received the following text (which I have translated) and deleted the message as phishing:
Your <name>@outlook.com account is scheduled for closure on 3/27/2023 due to inactivity. Once your account is closed, it will be deleted as per Microsoft service agreement.
If you wish to continue using your account, simply sign in again by 03/27/2023. In this case, all of your files, data, and information will continue to be available to you unchanged.
Click here for more information.
With best regards
Your Microsoft Account Team
Then, when another case hit the Dr. Windows community, he started an investigation. In the community, the affected person had received an English-language message and complained that his account was not inactive at all. Here is the (translated) text of the forum post:
Early this morning I received an English-language email stating that the Microsoft account is to be deleted as of 03/31/2022.
The account is, contrary to what the email says, not inactive; emails are sent and received from this account on a regular basis. Furthermore, the account is part of a Microsoft 365 Family membership, whereby Onedrive is mainly used here.
However, logging into the account itself may not have happened for some time.
Not sure if this is a fake? The anonymized email and first name given in the mail are correct and the mail was sent to a t-online address, which as far as I can remember was stored as a reference address in the account.
Can anyone help me and tell if the mail is genuine and/or what I should do best. Deleting it would be more than suboptimal in conjunction with the data loss it would cause.
My idea would be to log in to the MS account (not via the link) and see if there is anything to see there; possibly also make a PW change.
The notification email to the affected person looks like the one shown below. Also there, March 31, 2023 is mentioned as the date of account closure (same as above).
Martin Geuß then retrieved his already deleted mail from the server and analyzed the header. The mail came from Microsoft (email@example.com), and the link contained in the message leads to the Microsoft support page Microsoft account activity policy, as Martin writes.
And at this point it becomes critical, because Martin Geuß states that he does not have an email address matching the pattern Mafirstname.lastname@example.org given in Microsoft's mail. Nor has he registered anywhere at Microsoft with the user name Jdbnd. Martin suspects that inactive accounts were detected, but the notifications were then sent to the wrong e-mail addresses.
At this point, at the latest, it becomes legally tricky, because the mail could be considered a violation of the General Data Protection Regulation (GDPR): the user name and the e-mail address are personal data that were transmitted to third parties without the consent of the person concerned.
In the Dr. Windows forum, another user has left a link to this German Microsoft Answers forum post, where an untraceable account closure notification is also discussed.
Security notification for Microsoft account (distribution list)
We get a mail from MS that is not traceable:
Your account will be closed on 26/03/2023.
Your account an**e@***.com is scheduled for closure on 03/26/2023 due to inactivity. Once closed, your account will be deleted in accordance with the Microsoft Service Agreement.
If you wish to continue using your account, simply sign in again by 03/26/2023. In this case, all of your files, data and information will continue to be available to you unchanged.
The whole thing is absolutely incomprehensible, since the address is a mailing list and not a mailbox.
What can I do about it?
There, a second user also confirms receipt of such a mail. It looks like something is going wrong at Microsoft. The link to the Microsoft support page Microsoft account activity policy that Martin found, however, indicates that it is a legitimate Microsoft mail. Anyone affected can leave a comment.