Another Day, Another Scam
Another Day, Another Scam: a reader asks…
Hi Chris, I got this email from Microsoft. Is it legit, or a scam?
Unfortunately, it’s a scam, e.g., a phishing email. First off, Microsoft would never send you an email like this, no legitimate business would do this. Secondly, a casual search of the search term: “microsoft scam onedrive inactive” shows this link at Microsoft which defines this as a phishing scam and points to another Microsoft page that gives advice on how to spot a phishing email. It also advises you to report the email to Microsoft at https://msrc.microsoft.com/report/
What worries me about this email is that the From: line looks legitimate. Usually scam emails like this have some random address in the From: line, not a valid email address from the company. Email service providers (like Microsoft & Google) use some pretty robust anti-scam tools to prevent unauthorized people from sending email from their domains (for entirely too much detail, see my article Spoofing your Email. I’ve seen an increase in the ability of scammers to be able to circumvent these anti-scam features – so be warned.
You’re safest to approach all email with a healthy dose of skepticism. Especially warning emails from seemingly-legitimate companies. No legitimate company is going to ask you for your account password, and you should never click on a link in an email to open a login page – those are too easy to fake.
For people who use a Microsoft Windows computer, it comes with pretty good protection built in now, such as Windows Security (Windows 10) and Microsoft Defender (Windows 10/11). However they aren’t perfect. What I recommend is that users purchase Malwarebytes Premium and also install the Malwarebytes Browser Guard extension on all web browsers you have installed (Microsoft Edge, Google Chrome, Mozilla Firefox, etc.). While they can’t stop you from receiving scam emails, they can protect you from the effects by blocking malware from getting on your computer, and blocking you from opening websites that aren’t safe.
Be sure to setup Malwarebytes correctly. I have an older article that explains this, and while the Malwarebytes interface has changed somewhat since then, the main factors are still the same. Open Malwarebytes and visit the Settings (gear icon):
- In the General Section, enable self-protection module early start and uncheck “Always register Malwarebytes in the Windows Security Center” (important so that both Malwarebytes and Windows Security/Microsoft Defender work together)
- In the Scan and detection section, enable Scan for rootkits
- In the Protection section, turn on everything, and set a password to protect anything in Malwarebytes from being turned off by someone without that password.
Be suspicious of anything that pops up on your screen that you don’t recognize, whether from email or a website or just a popup. For that matter, never respond to any warning phone calls, the scammers are working hard to figure out new ways to scam you out of your money, your privacy and your identity.
This website runs on a patronage model. If you find my answers of value, please consider supporting me by sending any dollar amount via:
or by mailing a check/cash to PosiTek.net LLC 1934 Old Gallows Road, Suite 350, Tysons Corner VA 22182. I am not a non-profit, but your support helps me to continue delivering advice and consumer technology support to the public. Thanks!