Security7 min read

Microsoft and Windows Defender Email Scams: Fake Security Alerts and How to Spot Them

Fake Microsoft and Windows Defender security alert emails claim your computer is infected or your account is at risk. They are designed to get you to call a scam number or install malware. Here is how to identify them and respond safely.

By Achyuth Kumar · Founder, TempMailKit

Published · Last reviewed by the TempMailKit editorial team

An email arrives warning you that Windows Defender has detected a virus on your computer, or that your Microsoft account has been compromised and will be deactivated. It has Microsoft's logo, references real product names, and creates urgent pressure to act. These emails are fake — Windows Defender operates locally on your computer and does not send email alerts, and Microsoft does not cold-contact users by email about active threats. Understanding exactly what these scams look like, why they are designed the way they are, and how to verify any real Microsoft communication protects you from both credential theft and the technically damaging step of calling a scammer's "support" line.

The Main Types of Fake Microsoft Security Emails

Windows Defender virus alert: "Microsoft Windows Defender Alert: Your computer is infected with 5 viruses. Call our support team immediately to remove them." Windows Defender is software running on your machine — it displays alerts through the Windows notification system and the Windows Security app on your device. It does not send emails. An email claiming Windows Defender has detected anything on your computer is a scam, period.

Microsoft account suspension warning: "Your Microsoft account will be suspended within 24 hours due to unusual sign-in activity. Click here to verify your identity." The link leads to a fake Microsoft login page. Entering your credentials gives the attacker access to your Microsoft 365 account, OneDrive files, Outlook email, and Xbox account, depending on what is connected.

Microsoft 365 subscription renewal scam: "Your Microsoft 365 subscription has been renewed. You have been charged $299. To cancel, call this number." This follows the same pattern as the Norton/McAfee renewal scam — a fake charge designed to make you call a scammer posing as Microsoft support.

Tech support emails with pop-up links: Some fake Microsoft emails link to pages that display a full-screen pop-up with a fake BSOD (Blue Screen of Death) or a loud audio alert saying "Your computer has been locked by Microsoft." These are scare tactics with no technical basis — the "lock" can be closed by pressing Escape or Alt+F4. Never call the number displayed on such a page.

How to Verify Real Microsoft Communication

Real Microsoft security emails come from @microsoft.com addresses — the most common legitimate addresses include account-security-noreply@accountprotection.microsoft.com and microsoft-noreply@microsoft.com. Microsoft does send genuine sign-in alerts and security notifications, but these notify you of specific events (a sign-in from a new location or device) rather than asking you to take action via phone or a non-microsoft.com link.

To check the status of your Microsoft account: go to account.microsoft.com directly by typing it in your browser. Any real security alerts or account issues will be visible there under Security → Recent activity. If there is no security issue shown in your account, any email claiming there is an emergency is fake.

Microsoft's genuine security notifications always link to microsoft.com or account.microsoft.com — never to any other domain. Hover over links to check their destinations. A legitimate Microsoft email will never ask you to call a phone number to address a security issue.

The Tech Support Scam Connection

Many fake Microsoft emails are the entry point for tech support scams. The goal is to get you to call a phone number where the "technician" asks for remote access to your computer. Once connected, they fabricate "evidence" of infection using legitimate Windows tools (Event Viewer, which shows normal log entries they describe as virus activity; Netstat, which shows normal network connections they claim are hackers), then demand payment to "clean" your computer. They charge hundreds to thousands of dollars for doing nothing, or steal banking information during the session. Microsoft does not provide unsolicited phone support and will never ask you to call a number in an email to deal with a computer infection.

What to Do If You Called and Gave Access

If you provided remote access to someone posing as Microsoft support: disconnect from the internet immediately. Run a full malware scan from reputable software. Change your Microsoft account password and the passwords for your key accounts (banking, email, other major services) from a different device. If you made a payment — especially via gift card or wire transfer — report it to your bank and to the FTC at reportfraud.ftc.gov. Report the scam to Microsoft's dedicated reporting page at microsoft.com/en-us/reportascam.

Frequently Asked Questions

Can Windows Defender send me an email saying my computer is infected?

No. Windows Defender is software running on your local device. Its alerts appear through the Windows notification system and the Windows Security application on your computer. It does not send emails. Any email claiming to be a Windows Defender virus alert is a scam regardless of how official it looks.

Microsoft emailed me saying my account will be suspended. Is it real?

Check the sender address — it must be from @microsoft.com. Log into account.microsoft.com directly (type the address, do not click the email link) and check your account status and recent security activity. If your account is accessible normally and shows no security alerts, the suspension email was fake. If there is a genuine issue, you will see it in your account and can address it from there without clicking any link in the email.

I paid a fake Microsoft tech support person. Can I get my money back?

Contact your bank immediately and explain you were the victim of a tech support scam. If the payment was by credit card, initiate a chargeback — credit card companies often succeed in reversing fraudulent charges. If the payment was via gift card or wire transfer, recovery is much harder but still worth reporting to your bank and to the FTC. File a report at reportfraud.ftc.gov and with your local police as the incident constitutes fraud.

Achyuth Kumar

Founder & editor, TempMailKit

Achyuth builds privacy tools and writes TempMailKit’s guides on email security, spam, and online privacy. Every article is checked against primary sources and our editorial policy before it is published. Questions or a correction? Get in touch.

Ready to protect your inbox?

Generate a free temporary email address in one click. No sign-up required.

Get a Free Temp Email