Microsoft Account Password Expired Scam
You get an email that looks like it’s from Microsoft saying your password has expired and you must “Update Password Now” within 24 hours. It warns you could lose access to Outlook, OneDrive, Office 365, or Teams. The button leads to a fake sign-in page that steals your email and password. The message uses urgent, scary language to make you act fast.
How this scam works
- 1
Step 1: An email arrives claiming your Microsoft password has expired or will expire soon.
- 2
Step 2: It lists services like Outlook, OneDrive, Office 365, and Teams to raise the stakes.
- 3
Step 3: A big button says 'Update Password Now' that opens a fake Microsoft sign-in page.
- 4
Step 4: You enter your email and password; scammers capture them instantly.
- 5
Step 5: They can log in to your account, read emails, reset your password, and try the same password on other accounts.
✓ Do this
- Go to account.microsoft.com or office.com by typing it yourself, or use the official Microsoft apps to check for alerts.
- Sign in normally; if your password truly expired, Microsoft will prompt you after you log in.
- Turn on two-step verification (2FA) in your Microsoft account for added protection.
- If this is a work or school account, contact your IT help desk to confirm before taking any action.
- If you clicked and entered info, change your Microsoft password immediately and review recent sign-ins.
✗ Avoid this
- Don’t click 'Update Password' buttons in unexpected emails.
- Don’t enter your password on any page opened from an email link.
- Don’t be rushed by threats like '24 hours left' or 'files will be deleted.'
- Don’t reply to the email or call numbers listed in it; use official support channels instead.
Different versions of this scam
1 exampleQuick tip: Verify independently
Don’t call numbers or click links in unexpected messages. Go directly to the company’s official site or app and contact support from there.