Text Messages from Microsoft – Genuine or Phishing?

If you receive text messages from Microsoft, they could be genuine, or they could be some kind of phishing attempt. We’ll discuss both in this post about why Microsoft is texting you. With text messaging becoming so popular, scams involving SMS’s had to appear! Smishing is a term coined from Short Message Service (SMS) and Phishing. Let us find out!

Why is Microsoft texting me?

Why is Microsoft texting me

If there is a link in the text message, beware. It could be a phishing attempt as explained in the next section. But if it is numbers or some alphanumeric thing in the text message, it could be a genuine one-time password or something that tries to identify if it is really you trying to log into your Microsoft account.

Accounts that have two-step-verification setup gets text messages containing information that will help you complete the login process. Such messages seldom contain any link. If you see a shortened link in account verification message, it should take you to a knowledge base article or open Microsoft support page. Just don’t click on the link without knowing where the link leads to. There are URL expanders that help you see where a shortened link (bit.ly, ms.ft, or goo.gl) leads to.

Besides OTP (one-time password), Microsoft may text you to:

  1. Inform you that you logged in successfully, in case it suspects unauthorized logins so that you can prevent your account from being stolen
  2. Tell you that someone is trying to log into your account; this happens when there is a significant difference in area codes; there are false positives too, sometimes, so you need not to worry; if you receive similar messages every day, contact Microsoft Support
  3. Tell you that someone is trying to log into your account using a new browser/device; again, there can be false positives, but it is better to know that Microsoft is caring for your login information and thereby securing your data

The above could be some reasons why Microsoft is texting you. If you do not wish to receive OTP every time you log in, you may use the Microsoft Authenticator app.

Earlier, the hackers had only the computers and related peripherals to attack. With smartphones, it has become easier to cheat people. You just received a message from something like XX-MSFT and the message contains a link asking to be clicked. What would you do in case of emails if you are not sure if it is genuine? You will not click the link in the email.

You will log into your Microsoft account and navigate to pages mentioned in the email message. If the pages are not there, you simply delete the email instead of trying to reach Microsoft using the links specified in the email

The same applies here, in case of text messages. The origin of the messages cannot be confirmed as there won’t be a valid number but just a name that says or relates to Microsoft. If there is no way you can validate the number or the contact-name, never click any links. Because the links in smartphones will be shortened links like goo.gl or bit.ly. They cause damage to your device if the link turns out to be a fake one.

TIP: Never click any link in any text messages from anyone if you don’t know where it leads you.

Posted by on , in Category Security with Tags
Arun Kumar is a Microsoft MVP alumnus, obsessed with technology, especially the Internet. He deals with the multimedia content needs of training and corporate houses. Follow him on Twitter @PowercutIN