Scam alert: An official Microsoft email is being used for phishing links

0
641

Internal Microsoft account being used to send scams, phishing links

If you've ever received an email from "[email protected]," you'll know that this is an official email address used by Microsoft.

However, users should be aware that emails from this official Microsoft address may be scam messages.

Scammers have figured out how to weaponize this legitimate Microsoft email address in order to send fraudulent emails to targets. And it appears that bad actors are ramping up their use of this method, too.

Recently, multiple people on social media have shared that they received a scam email from a real Microsoft email address called [email protected]. The emails look like most emails from Microsoft, utilizing the template that the company frequently uses. However, the subject line of these emails are often about Bitcoin or a promoting a third-party website. The subject line also usually includes a phone number or website link that are not associated with Microsoft.

The reason these emails look like actual emails from Microsoft is because, technically, they are.

Normally, this Microsoft email is used by the company in order to send email notifications such as two-factor authentication codes or account notices. However, scammers have found that they can inject their fraudulent schemes into this legitimate email, bypassing any sort of scam or spam detection filters in users' email inbox.

Mashable Light Speed

As TechCrunch writes in its report, Microsoft doesn't appear to have addressed the issue or released any statement yet on the matter.

However, it appears that this issue has been around for quite some time now.

A January report from cybersecurity company Abnormal detailed how bad actors were abusing Microsoft's notification email system and tricking it into sending phishing emails.

"The attack begins with the bad actor spinning up a disposable Microsoft 365 tenant," reads Abnormal's report. "The core exploit lies in the Tenant Branding configuration within Microsoft Entra ID. The attacker navigates to Tenant Properties and modifies the 'Name' field to contain a fraudulent financial alert message."

With the name modified with the scammer's message, the bad actor then tricks Microsoft into sending a verification code email to the target's email address. The scammer does this by asking Microsoft to add the target's email address to the attacker's Microsoft account. When the email is sent to the target, Microsoft includes their name in the subject line. But, again, in this case, the scammer has input their message to the victim as the name.

Because this attack utilizes Microsoft's trusted email address and does not include any malicious hyperlinks or attachments, these scam emails are easily bypassing any sort of security measures.

As cybercriminals get craftier and more resourceful, internet users should remain vigilant and take a close look at emails they receive, even if the sender appears to check out.

Поиск
Категории
Больше
Игры
I would die for Deadlock's new hero Rem, who also has one of the best easter eggs I've seen in a competitive PvP game
I would die for Deadlock's new hero Rem, who also has one of the best easter eggs I've seen in a...
От Test Blogger6 2026-01-28 06:01:45 0 3Кб
Food
Why Is Seafood Synonymous With Mardi Gras?
Why Is Seafood Synonymous With Mardi Gras?...
От Test Blogger1 2026-02-02 12:00:09 0 3Кб
Technology
Tackle work from anywhere with this $450 Dell business laptop
Tackle work from anywhere with this $450 Dell business laptop...
От Test Blogger7 2026-05-19 10:00:25 0 690
Food
Why This Protein-Packed Blueberry Muffin Mix Is The Worst
Why This Protein-Packed Blueberry Muffin Mix Is The Worst...
От Test Blogger1 2026-03-26 13:00:11 0 2Кб
Другое
Why IT Staff Augmentation? Services Are Transforming Modern Workforce Management
The way businesses establish and manage their IT teams is evolving as a result of the digital...
От Kavita Sharma 2026-06-04 12:31:02 0 2Кб