Hovering over the links in the legitimate version of the email should point to locations on the microsoft.com domain. Anything else should be treated as suspicious.
Reviewing the email headers can also offer clues whether the email is legitimate. For example, some samples of this rogue email message come from an IP address in China, McRee said.
Sign up for CIO Asia eNewsletters.