Hello Gail
While in some occasions Microsoft will contact you in regards the security of your account, it is best to make sure the sender domain is from Microsoft.
"If you get an email from Microsoft account team and the email address domain is @accountprotection.microsoft.com, it is safe to trust the message and open it. Microsoft uses this domain to send email notifications about your Microsoft account. These notifications can include security codes for two-step verification and account update information, such as password changes."
The above paragraph is an exact copy of the text you can find in this link: https://support.microsoft.com/en-us/account-bil...
Even then, many users have reported receiving phishing emails with the same sender details, so if you click the "Review recent activity" email link and instead of going to Microsoft to review your account's sign-in activity, you are brought to a fake landing page on a non-Microsoft site that asks you to login, then that's most likely a scam. As has been informed in this website: https://www.bleepingcomputer.com/news/security/beware-of-fake-microsoft-account-unusual-sign-in-activity-emails/ (This link leads to a site outside of Microsoft, and while the information provided may be trustworthy, be cautious about clicking on any additional links or ads that may be present on the page. It is always best to be cautious and do your own research before clicking on unfamiliar links or providing personal information online.).
If you feel your Outlook email has been compromised, there are a few steps you can take to help keep it safe and secure in the future:
Change your password: Choose a strong, unique password that is difficult for others to guess. Avoid using personal information or common words in your password, and don't reuse passwords across different accounts.
Enable two-factor authentication: This adds an extra layer of security to your account by requiring you to enter a code sent to your phone or email whenever you sign in from a new device.
Check your account activity: Review your recent account activity to make sure there are no suspicious logins or changes to your account settings.
Update your security information: Make sure your security information, such as your phone number and recovery email address, is up-to-date. This will make it easier to recover your account if it is ever compromised.
Be cautious when opening email attachments or clicking on links: Be careful when opening attachments or clicking on links in emails, even if they appear to be from someone you know. Scammers can use these methods to install malware on your computer or steal your personal information.
By following these steps, you can help protect your Outlook email account from being compromised in the future.