Is a Microsoft 365 email asking me to update my payment details real?
Microsoft 365 payment and billing emails are heavily cloned by phishers. Always verify billing issues by logging in to your Microsoft account directly — never through a link in an email.
Last reviewed: 1 June 2026
Explanation
Microsoft 365 subscription billing scams are among the most-reported business phishing emails. They appear to come from Microsoft billing and warn that your subscription payment has failed and your account will be suspended unless you update your card details. For businesses, this creates particular urgency because losing email and Office tools is disruptive. The link leads to a convincing fake Microsoft login page that captures your Microsoft 365 credentials. With these credentials, attackers access your email, SharePoint, OneDrive, and any connected systems. Genuine Microsoft billing notifications can be verified inside the Microsoft 365 admin centre or your personal account billing section — always access these directly at account.microsoft.com.
Common red flags
- Email warns of imminent subscription cancellation unless you update payment
- Link goes to a URL that is not microsoft.com or microsoftonline.com
- Email asks you to log in and then immediately re-enter your full card details
- Sender address is not from an official microsoft.com domain
What to do now
- Do not click any link in the email
- Log in to account.microsoft.com or the Microsoft 365 admin centre directly
- Check your billing status there for any genuine payment issues
- Report the phishing email to Microsoft at [email protected]
Frequently asked questions
What if the email is in the same format as real Microsoft emails I have received before?
Phishing emails precisely copy genuine template formatting. Visual similarity does not confirm authenticity — always verify through direct login.