Share via

Microsoft 2FA Security Authenticator

Lovelock, Michelle 20 Reputation points
2025-07-22T08:43:18.4033333+00:00

I have received the below email from * PII Removed @ PII Removed *.microsoft-alerts.com, with a QR code to scan. I wanted to check if this is really from Microsoft or a scam?

Your Microsoft 2FA Security Authenticator access expires soon.

 To avoid getting locked out of your account, please follow below instruction.

  1. Open the camera app on your mobile device
  2. Point the camera at the QR code below
  3. When prompted, tap the notification to open the associated link.

Important: This QR code expires in 48 hours. Action is required immediately to avoid service interruption. If you cannot scan the QR code, please use this link instead

 

Microsoft 365 and Office | Install, redeem, activate | Other | Other
0 comments
Answer accepted by question author
  1. Hani-Ng 4,240 Reputation points Microsoft External Staff Moderator
    2025-07-22T08:59:15.17+00:00

    Hi Lovelock, Michelle

    Thank you for reaching out to the Microsoft Q&A forum regarding the email you received from that address @.microsoft-alerts.com. 

    After reviewing the details, we can confirm that this message is not a legitimate communication from Microsoft. Microsoft does not send authentication or security-related notifications from this domain, and the use of QR codes in unsolicited emails is a known tactic commonly associated with phishing attempts. 

    To ensure the security of your account, we kindly advise you to take the following actions: 

    1. Do not scan the QR code or click any links contained in the email. 
    2. Delete the email from your inbox and trash folder. 
    3. If you have already interacted with the email: 
    • Immediately change your Microsoft account password. 
      • Review your recent sign-in activity at https://account.microsoft.com
      • Enable additional security features such as multi-factor authentication or password less sign-in. 

    We also recommend forwarding the suspicious email to reportphishing@microsoft.com so our security team can investigate further. 

    We appreciate your diligence in verifying this communication. If you require any assistance with securing your account or have further questions, please do not hesitate to reach out. 

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".     

    User's image

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.   

    2 people found this answer helpful.
    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Time Lady 38,260 Reputation points Independent Advisor
    2025-07-22T14:11:20.54+00:00

    To add to the above reply: The email is certainly not genuine so please do not scan any QR code contained in the email. If unsure whether an email is genuine or not then you can hover your mouse over any links if the shown url doesn’t match the text then it is a scam/fake email intended to obtain sign in details. You can also click on the ‘From’ address to see whether that matches the text shown.

    1 person found this answer helpful.
    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.