Microsoft email validation warning is a scam

An email that appears to come from Microsoft warning of a software vulnerability and requesting you to validate your email account information, is a scam and should be deleted.

For information and advice about how to spot and deal with email scams, click here

The email purports to be issued by the company's Digital Crimes Unit and reads:

Dear Email User,

Due to a new vulnerability which is exploited by hackers to steal your online details.

Microsoft Digital Crimes Unit in 2013 has hereby developed a new security measure.

All users of the Internet and Microsoft products are hereby required to validate there email account information irregardless of their Internet service provider or Host company.

To validate your email account and to prevent hackers from exploiting the new vulnerability.

Please download the "Microsoft_STF" file attached, extract the file on to your desktop and open.Once done you will updated on Microsoft security database.

Please note that if your email is not validated, your email will be at risk for hackers getting into your personal or business email account there by getting access to classified or privileged


2013 Microsoft Digital Crimes Unit

Attached to the email is a file called, which is in reality a Trojan horse containing malware.

According to the email, "all users of the internet" should run the program to validate there email account. Apart from containing telltale spelling errors, the email does something that the genuine Microsoft would never do … contain an attachment, or alternatively include a clickable link.

Written by

In partnership with