Phishing attempt for 365 family

Michael Glatz 20 Reputation points
2025-12-12T13:59:02.9533333+00:00

"Microsoft" sent me what looks very much like an official email regarding my mother's account.
She is the owner of our 365 subscription and pays the bill. However, since I am more aware of threats online like phishes and whatnot, I get the email notifications and I vet them before she sees them. Last night at 9:30 at night I got a strange email from "Microsoft" saying that my subscription didn't go through, and it listed the last four digits of my mom's old card. This card was compromised and we went through the process to change the card numbers to her active card. Could a member of the team explain to me what is going on? This email was sent from the official Microsoft noreply bot. However, with old information? I wonder if the old attackers reached out to me and spoofed their email. Regards, Michael Glatz

Microsoft 365 and Office | Other

Answer accepted by question author
  1. Aron 7,035 Reputation points Independent Advisor
    2025-12-12T14:35:27.4633333+00:00

    Got it, thanks for clarifying.

    If the email truly came from microsoft-noreply@microsoft.com, that’s the official domain Microsoft uses for automated notifications, but spoofing can still make it appear that way in the display name.

    Since you already marked it as phishing, you can’t retrieve the full header now, but the old card detail is the biggest clue; it suggests the attacker had access to previously leaked payment info and is using it to make the email look authentic.

    Real Microsoft billing emails will never ask you to update payment through a link in the email; they’ll direct you to sign in at account.microsoft.com.

    At this point, the best steps are to confirm your subscription status in your account, review recent sign-ins under Microsoft Security, and make sure MFA is enabled on your mother’s account.

    Quick question, did the email include any urgency language like “update now” or “service will be suspended”?

    That helps confirm if it was a phishing lure.

    Regards,
    Aron


2 additional answers

  1. Q&A Assist
    2025-12-12T13:59:15.4566667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    It sounds like you may have received a phishing email that is attempting to impersonate Microsoft. Phishing scams often use spoofed email addresses to make it appear as though the email is coming from a legitimate source. In your case, the email claiming that your subscription didn't go through and referencing old card information raises red flags, especially since you mentioned that the card was compromised and changed.

    To determine if the email is genuine, check the sender's email address carefully. Legitimate emails from Microsoft support will come from domains like microsoft.com, microsoftsupport.com, or mail.support.microsoft.com. If the email is from a different domain, it is likely a phishing attempt.

    If you suspect the email is a scam, do not click any links or provide any personal information. Instead, you can report the email to Microsoft and contact them directly through official channels to verify the status of your subscription.

    It's also a good practice to change passwords and monitor accounts for any unauthorized activity if you believe you have been targeted by phishing attempts.


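
Added example, not part of either answer above and not Microsoft code: the header check both answers point at, run over the raw message source instead of the From line the mail client displays. It assumes `mx.home.example` is the (hypothetical) name of your own receiving mail server; the sample headers are constructed, and the domain list is copied from the answer above.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Sender domains named in the answer above (copied from the page, not verified here).
EXPECTED_DOMAINS = {"microsoft.com", "microsoftsupport.com", "mail.support.microsoft.com"}

def auth_results(msg, trusted_authserv):
    """spf/dkim/dmarc verdicts from the Authentication-Results header of our own server."""
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        # Results stamped by any other host may have been inserted by the sender.
        if (authserv.split() or [""])[0].lower() == trusted_authserv:
            found = re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I)
            return {k.lower(): v.lower() for k, v in found}
    return {}

def assess(raw, trusted_authserv):
    """List reasons not to trust the From line of a raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    dmarc = auth_results(msg, trusted_authserv).get("dmarc", "missing")
    findings = []
    if domain not in EXPECTED_DOMAINS:
        findings.append("unexpected sender domain")
        if "microsoft" in display.lower():
            findings.append("display name claims Microsoft, address does not")
    if dmarc != "pass":
        findings.append(f"dmarc={dmarc}: From address not authenticated")
    return findings

# Constructed sample headers; mx.home.example is a hypothetical receiving server.
SPOOFED = (
    'From: "Microsoft" <microsoft-noreply@microsoft.com>\n'
    "Authentication-Results: mx.other.invalid; dmarc=pass\n"
    "Authentication-Results: mx.home.example; spf=fail; dkim=none; dmarc=fail\n"
    "Subject: Your subscription payment failed\n\nbody\n"
)
LOOKALIKE = (
    'From: "Microsoft account team" <noreply@billing-notice.example>\n'
    "Authentication-Results: mx.home.example; spf=pass; dkim=pass; dmarc=pass\n"
    "Subject: Your subscription payment failed\n\nbody\n"
)

if __name__ == "__main__":
    for name, raw in (("SPOOFED", SPOOFED), ("LOOKALIKE", LOOKALIKE)):
        print(name, assess(raw, "mx.home.example"))
```

The first sample shows why a correct-looking `microsoft.com` address is not enough without a DMARC pass from your own server; the second shows why a DMARC pass is not enough when the domain itself is wrong.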

  2. Michael Glatz 20 Reputation points
    2025-12-12T14:07:23.8833333+00:00

    I already marked it as a phishing attempt, which means I can't pull it back up on my end. However, the email was microsoft-noreply@microsoft.com, so it looked official enough.

