Scammers are abusing an internal Microsoft account to send spam links
Scammers have exploited a loophole in Microsoft's internal email system to send spam emails from a legitimate Microsoft address. These emails, which mimic official notifications, aim to deceive recipients into clicking on malicious links. Microsoft has acknowledged the issue but has not yet provided a solution to stop the abuse.
- ▪Scammers are using an internal Microsoft email address to send spam emails.
- ▪The emails are designed to look like legitimate notifications from Microsoft.
- ▪The Spamhaus Project has reported this issue and notified Microsoft about the abuse.
Opening excerpt (first ~120 words) tap to expand
For months, scammers have been taking advantage of a loophole that allows them to send spammy emails from an internal Microsoft email address typically used for sending legitimate account alerts. It’s not clear how the scammers are abusing the system, but they have been able to set up new Microsoft accounts as if they are new customers, and use that access to send out emails purportedly from the tech giant itself, potentially tricking people into thinking that these emails may be genuine. Microsoft doesn’t yet appear to have gotten a handle on the issue. Last week, I received several, similarly structured emails containing subject lines and web links to scammy sites from Microsoft across different email accounts.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at TechCrunch.
Discussion
0 commentsMore from TechCrunch
