Cybercriminals are now sending fake Microsoft emails claiming your Outlook account is compromised — but clicking those links can steal your login details and flood your inbox with fake blackmail messages. If you’ve received one, opened it, or suspect your account is infected, here’s exactly what to do to secure your Outlook account and remove the malware.
How This Fake Microsoft Page Scam Works
Scammers send an email that looks like it came from Microsoft Outlook, warning that your account will be blocked unless you “verify” or “secure” it. When you click the link, it redirects you to a fake Microsoft login page designed to steal your credentials.
Once they capture your password, they may:
- Send blackmail or extortion messages pretending to have compromising photos or data.
- Create automated drafts or rules to send you repeated threats.
- Try to log in to your real Outlook or OneDrive account.
If you haven’t shared personal files or photos, these emails are fake and baseless. The scammers don’t actually have any of your data.
Step 1 – Change Your Outlook Password Immediately
Go directly to Microsoft’s official security page (never use links in emails):
https://account.microsoft.com/security
- Choose “Change Password.”
- Create a strong, unique password — avoid reusing old ones.
- If you used the same password on other accounts, update those too.
Step 2 – Enable Two-Step Verification
Two-step verification adds another layer of security. Even if scammers know your password, they can’t log in without your phone or authentication app.
- Go to Microsoft Account → Security → Advanced Security Options
- Enable Two-step Verification
- Add both phone number and authenticator app as recovery options
Step 3 – Review Recent Activity
Check if anyone else has accessed your account:
https://account.live.com/Activity
- Review each login.
- If you see unknown IPs or devices, click “This wasn’t me.”
- Microsoft will automatically sign out suspicious sessions.
Step 4 – Remove Repeating or Drafted Malware Emails
Sometimes the fake messages reappear because scammers created email rules or auto-drafts in your Outlook account.
To delete them:
- Open https://outlook.live.com
- Click Settings (⚙️) → View all Outlook settings → Mail → Rules
- Delete any unfamiliar rules that forward, send, or auto-reply emails
- Check and clear Drafts, Sent Items, Outbox, and Junk Email
- Empty Deleted Items
Step 5 – Scan Your PC for Malware
Even if the attack was online, scanning your PC ensures no hidden malware was installed.
Use Microsoft Defender (Built-In)
- Open Windows Security → Virus & Threat Protection
- Run a Full Scan
- After that, select Microsoft Defender Offline Scan to check deeper system files
Optional: Additional Free Scanners
- Malwarebytes Free
- ESET Online Scanner
Run both for maximum safety.
Step 6 – Block and Report the Scammers
- Right-click on the fake message → Report → Phishing
- Then Block Sender to stop future emails
- Do not reply or engage, even to say “stop sending” — it confirms your account is active
Step 7 – Verify Recovery Information
Update your recovery phone and backup email:
- Go to Microsoft Account → Security → Additional security options
- Ensure your backup email and phone belong to you only
Step 8 – Stay Protected from Future Phishing Emails
- Microsoft never asks you to verify your account through links.
- Always check the website URL: genuine pages use
https://login.microsoftonline.comorhttps://outlook.live.com - Turn on Microsoft Defender SmartScreen in your browser.
- Use a password manager to generate and store strong passwords.
If you opened a fake Microsoft link but changed your password immediately and ran a malware scan — your Outlook account is safe.
These extortion messages are automated scams with no real data behind them. Stay calm, secure your devices, and always verify before you click.
Read More:
