UK Border Force e-mail harvesting?


I’m not sure whether this is the place for this, but it does concern the sort of issues the forum covers:

Last night I had a lost bag at London Heathrow - I discovered that the process now (it must have been fairly recently changed) is that to report the bag missing a UK Border Force form has to be filled in, and your phone number and e-mail address have to be provided - if you don’t fill the form in you don’t ever see your bag again…
The email address I gave is my ‘throwaway’ one - and a few hours later I got a VERY professional looking e-mail purportedly from Microsoft telling me that I had to verify my e-mail account - this is the content:

Microsoft account
Verify your account
We’ve detected something unusual about a recent sign-in for the Microsoft account to***** For example, you might be signing in from a new location, device or app.
To help keep you safe, we’ve blocked access to your inbox, contacts list and calendar for that sign-in. Please review your recent activity and we’ll help you secure your account. To regain access, you’ll need to confirm that the recent activity was yours.
Review recent activity
The Microsoft account team

This is the link (Needless to say I didn’t click on it!

It all looks VERY legit - not a teenage hacker’s phishing expedition experiment - but of course my account is with Plusnet…

Wonder if anyone else has been finding similar UK Border Force enthusiasm?