Microsoft is often an easy target because they are (a) very large, (b) very well known, (c) global in operations, and (d) most people can't tell you where they are headquartered at. This allows "the Bad Guys" to readily use personal e-mail account from small Internet Service Providers in foreign countries to get you.
One general rule to think about: Microsoft will e-mail you marketing material, promotional material but they are not in the practice of monitoring your computer for any problems or upgrade needs with an e-mail. Any one calling that suggests they are with Microsoft, be very suspicious about that call.
If you want or need a patch or update to a Microsoft product, you (of the Microsoft update program) go to Microsoft web site to obtain the software. Do not trust any updates or patches e-mailed to you by Microsoft.