Scammer abusing Microsoft's msonlineservicesteam@ for spam distribution

Attached: 1 image ❗ We’ve observed a scammer clearly abusing Microsoft's 'msonlineservicesteam@microsoftonline[. ]com' for spam distribution. The header and message body appear completely legitimate - the abuse is happening through injection into the Subject: ✉️ Here's an example: "Your PayPal order for 0.0092 BTC ($699.99) is complete. Not you? Call +1 (803) 237-5050 account email verification code." At this point, it appears the attacker may have simply set the malicious text as either the account name or the organization name. This also appears to line up with what @[email protected] TechCrunch Security Editor identified last week: https://mastodon.social/@zackwhittaker/116562360000833298 ....although the activity we’re seeing appears to stretch back several months. Takeaway: automated notification systems should not allow this level of customization. Microsoft has been informed of this abusive activity. #ThreatIntel #Spam #InfoSec #CyberSecurity

Discussion

0 comments

Replying to cancel

GIF Post

Powered by

More from Infosec Exchange

Count Me As Skeptical About MOU

HotAir·7

Julia Roberts tells audience to ‘keep inhaling and exhaling’ at First Amendment concert

Washington Examiner·8

Emmy Voters, It’s Time To Give ‘Ghosts’ Their Overdue Best Comedy Series Nomination

Decider·8

Justin Bieber kisses ecstatic wife Hailey in celebration of long awaited Knicks championship

New York Post·7

The Unpopular Truth About World Cup Ticket Prices

The Atlantic·8

J. D. Vance Tells the Story of His Two Conversions

The Atlantic·6