SCAM📧 Email · phishingHigh risk

Microsoft "Unusual Sign-In from China" Email Scam

Unusual sign-in from foreign location — nation-state fear bypasses critical thinking

Microsoft detected an unusual sign-in to [email protected] from China (Beijing). Verify it was you: ms-signin-verify.net

⚠ms-signin-verify.net

✗

Confirmed scam

Unusual sign-in alerts that include a foreign location ('Russia', 'China') are particularly effective fear triggers.

💸

Typical victim loss: $200–$3,000

FTC Consumer Sentinel 2024 — tech support scam median $500

First seen

Aug 2024

3 red flags in this message

Country name chosen for maximum alarm

China, Russia, Iran — countries associated with hacking in public perception.

Placeholder email address

[email protected] is a template not yet customized.

Fake domain

Microsoft verification uses account.microsoft.com only.

What happens if you click

→

Credentials stolen while trying to 'verify' or 'block' the access.

→

Full Microsoft account takeover.

Other versions of this message

Scammers rotate wording to bypass spam filters. All variations lead to the same outcome.

Microsoft: Sign-in from Russia detected on your account. Confirm or block.

Unusual sign-in to your Microsoft account from Iran. Secure your account now.

Got a similar message? Check it now.

Paste any text message or email for an instant analysis — free, no account needed.

Free · No signup · Messages never stored · ⌘↵ to analyze

Fake Microsoft domains used in this scam

ms-signin-verify.netSee domain →microsoft-signin-alert.comSee domain →ms-login-verify.netSee domain →microsoft-new-login.comSee domain →

People also search for

microsoft unusual sign in email scamfake microsoft signin alertmicrosoft new signin email scammicrosoft sign in scamfake microsoft login alertmicrosoft unusual activity scam

Frequently asked questions

What does a real Microsoft unusual sign-in alert include?+

Your actual email address, the IP address, approximate location, device type, and a link to account.microsoft.com — from @microsoft.com domain.

How can I check real Microsoft sign-in history?+

Go to account.microsoft.com > Security > Recent Activity. All sign-ins are listed with country, IP, and device.

Why do these emails sometimes show my real email address?+

Scammers can insert your email address if they obtained it from a data breach. The email address in the message does not validate the email's legitimacy.

Microsoft "Account Security Alert" Email Scam — Phishing Warning

Microsoft account security info changed

→

Microsoft "Password Reset – Cancel It" Email Scam

Password reset cancellation

→

Microsoft "Account Locked – 24 Hours" Text Scam

Microsoft account locked

→

All Microsoft scams →All account takeover scam patterns →

Received a suspicious message?

Free · No signup · AI-powered detection