Office365alerts Costco and BT Email Scam

Daniel Zimmermann
A real-looking alert can still hide a phishing link when brand rewards or account warnings are mixed into the message.

An Office365alerts email that mixes Microsoft 365 alert wording with Costco rewards, BT account warnings, gift cards, payment checks, or other brand offers should be treated as phishing until you verify it outside the message. Real Microsoft 365 alert notifications can exist, especially for business tenants, but a familiar sender name is not enough proof. Do not use the email button. Open the Microsoft Defender or Microsoft Purview portal manually, check whether the alert exists there, and then handle any Costco or BT claim through the official brand site instead of the email link.

This is the same rule we recommend for suspicious phishing emails: the safest link is the one you type or open from a known bookmark, not the one supplied by an unexpected message.

Why This Email Is Confusing

The name Office365alerts sounds close to real Microsoft 365 security and compliance notifications. Microsoft 365 tenants can generate alerts from policies, and administrators may receive email notifications when configured alert conditions are met. That legitimate context is what makes the scam lane effective: a fake message can borrow Microsoft security language, then pivot into a Costco membership lure, a BT billing scare, or a button that points somewhere unrelated.

For a personal mailbox, a sudden Office365alerts message about a retailer or telecom account is already suspicious. For a work mailbox, it still needs portal verification. A real Microsoft 365 alert should be visible in the tenant’s security or compliance portal, with the impacted user, alert policy, severity, and incident details. A fake email usually pushes the reader to click first and verify later.

Fast Safety Check

Before you click anything, check the message as if it were hostile:

  • Sender identity: inspect the full email address and authentication results, not only the display name. Spoofing and abused cloud services can make sender names look convincing.
  • Link destination: hover or copy the link without opening it. A real Microsoft 365 alert should not route through random shorteners, file-sharing pages, parked domains, or lookalike login pages.
  • Brand mismatch: Costco rewards, BT bills, Microsoft 365 alerts, and password warnings do not naturally belong in one unexplained message. Mixed-brand urgency is a phishing signal.
  • Attachment pressure: do not open invoices, HTML files, ZIP archives, OneNote files, or password-protected documents from an alert you did not verify.
  • Credential request: never enter a Microsoft password, one-time code, recovery code, card number, or BT/Costco login from an email button.
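The sender, link, and brand-mismatch checks above can be run over a saved copy of the message without opening anything in it. This is an added example, not code from the original article; the sample message, its placeholder domains, and the `trusted` domain list are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample (not a real capture); every domain here is a placeholder.
SAMPLE_EML = """\
From: Office365alerts <alerts@mail-notice.example>
To: user@contoso.example
Subject: Medium-severity alert: claim your Costco reward
Authentication-Results: mx.contoso.example; spf=fail; dkim=none; dmarc=fail
Content-Type: text/html; charset="utf-8"

<html><body><p>Microsoft 365 alert: your BT bill failed. Costco reward pending.</p>
<a href="https://login.rewards-check.example/o365">View alert details</a></body></html>
"""

BRANDS = {"Microsoft": r"microsoft|office ?365", "Costco": r"costco", "BT": r"\bbt\b"}

def host_trusted(host, trusted):
    """True if host equals a trusted domain or is a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)

def triage(raw, trusted=("microsoft.com",)):  # trusted list is an assumption
    msg, findings = message_from_string(raw), []
    # Sender identity: judge the address domain, not the display name.
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if not host_trusted(domain, trusted):
        findings.append(f"sender: {name!r} sends from {domain}")
    # Authentication results stamped by the receiving server.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth, re.I)
        if not m or m.group(1).lower() != "pass":
            findings.append(f"auth: {mech}={m.group(1).lower() if m else 'missing'}")
    body = "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in msg.walk() if p.get_content_maintype() == "text")
    # Link destination: read the href host without opening it.
    for url in re.findall(r'href=["\']([^"\']+)', body, re.I):
        host = urlparse(url).hostname
        if not host_trusted(host, trusted):
            findings.append(f"link: {host} is outside the trusted domains")
    # Brand mismatch: more than one brand in subject plus visible text.
    text = msg.get("Subject", "") + " " + re.sub(r"<[^>]+>", " ", body)
    seen = sorted(b for b, pat in BRANDS.items() if re.search(pat, text, re.I))
    if len(seen) > 1:
        findings.append("brands: " + ", ".join(seen) + " in one message")
    return findings

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_EML)))
```

An empty result only means these checks found nothing; the alert still has to be confirmed in the portal before anyone acts on it.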

If the message is specifically about an unusual Microsoft sign-in, compare it with our Microsoft unusual sign-in email guide. That page covers Microsoft account alerts, while this article focuses on the Office365alerts + brand-lure combination.

How To Verify A Real Microsoft 365 Alert

Use the portal, not the email link:

  1. Open a fresh browser tab and manually go to the Microsoft security portal your organization uses.
  2. Sign in only from the known Microsoft domain, preferably through your normal company SSO flow.
  3. Go to the alerts or incidents area and search for the alert title, user, timestamp, or policy name from the email.
  4. Check whether the alert has a matching severity, affected mailbox, and activity trail. A real alert should have tenant context, not only a generic button.
  5. If you are not an administrator, forward the suspicious email to your IT or security team as an attachment and ask them to verify it in the tenant portal.

If nothing exists in the portal, treat the email as phishing. If the portal confirms a real alert but the email also contains odd Costco or BT wording, handle the Microsoft alert in the portal and report the email separately because the message may be a forwarded, altered, or maliciously mixed lure.

If The Email Mentions Costco Or BT

Brand lures often try to create a second reason to click: a membership renewal, reward, bill, refund, account closure, delivery issue, or payment failure. The safe response is separate verification.

| Message claim | Safer action |
| --- | --- |
| Costco reward, renewal, survey, gift card, or payment notice | Do not use the email link. Open Costco from a bookmark or typed address and compare the message with Costco’s current scam examples. |
| BT bill, mailbox warning, account closure, or password check | Do not reply or download attachments. Open BT directly or forward the suspicious message to BT’s phishing reporting address if it claims to be from BT. |
| Microsoft 365 alert plus a retail or telecom offer | Verify the Microsoft alert in the portal first. Mixed brands in one urgent message are a strong reason to quarantine or report the email. |

What To Do If You Clicked

Your next step depends on what happened after the click:

  • You only opened the page: close it, do not grant notification permissions, and clear the suspicious tab from browser history if it keeps reopening.
  • You entered a Microsoft password or one-time code: change the password from the official Microsoft page, revoke unfamiliar sessions, check MFA methods, and tell your workplace security team if it was a work account.
  • You entered Costco, BT, card, or banking details: change the affected password from the official site, contact the card issuer or bank, and watch for follow-up scams.
  • You downloaded or opened a file: disconnect from risky networks if the file ran, remove the download, check startup items and browser extensions, and scan the device with a trusted security tool.
  • You allowed browser notifications: remove the suspicious site’s notification permission and reset the affected browser profile if pop-ups continue.

Gridinsoft Anti-Malware can help when the email led to a downloaded attachment, fake document viewer, browser extension, or recurring pop-ups. For broader message triage, use the phishing checklist first; for device cleanup after a file or extension, run a full scan and remove detected components.

After manual cleanup: reboot Windows and run a full scan to check startup entries, scheduled tasks, bundled apps, and hidden files that may restore the threat.

How To Report The Message

For a work Microsoft 365 mailbox, report the message to your internal security team or use the reporting workflow your organization provides. Preserve headers if the team asks for them. If the lure claims to be from Costco or BT, use the brand’s official reporting instructions rather than replying to the sender.

Administrators should also review whether similar messages reached other users, whether any user clicked, and whether the same sender, URL, subject, or attachment hash appears elsewhere in the tenant. If the campaign used QR codes, use the same caution described in our QR code phishing guide. If the sender domain looks spoofed, our email spoofing prevention guide explains the SPF, DKIM, and DMARC side.

FAQ

Is [email protected] always legitimate?

No. It can be associated with real Microsoft 365 notifications in some contexts, but sender text alone is not proof. Verify the alert from the Microsoft portal or your organization’s security team before clicking.

Why would a Microsoft 365 alert mention Costco or BT?

It usually should not, unless the brand name appears inside a quarantined or detected phishing message. If the email itself uses Costco or BT wording to push a reward, bill, renewal, or login, treat it as a phishing lure.

Should I forward the suspicious email?

For work accounts, forward it as an attachment to your IT or security team if that is your company’s reporting process. For brand-specific lures, use the official reporting route published by the brand.

Do I need a malware scan after opening the email?

Reading the email alone is usually lower risk. Run a scan if you opened an attachment, installed anything, allowed browser notifications, downloaded a file, or see redirects, pop-ups, or security warnings after the click.

References

  1. Microsoft Learn. “Alert policies in Microsoft 365.” Microsoft, updated June 1, 2026, accessed June 11, 2026. https://learn.microsoft.com/en-us/defender-xdr/alert-policies
  2. Costco Customer Service. “Currently Known Scams.” Costco Wholesale, accessed June 11, 2026. https://customerservice.costco.com/app/answers/answer_view/a_id/9770/~/currently-known-scams
  3. BT Help. “Is this a genuine BT email? How to spot spam, phishing and spoofing.” BT, accessed June 11, 2026. https://www.bt.com/help/email/email-security/what-is-a-phishing-scam–is-the-email-i-have-received-genuine-
With a strong background in consumer safety and fraud prevention, Daniel specializes in providing actionable tips and advice to users. His focus is on helping individuals understand the risks of interacting with fraudulent sites and services.
