Scammers are abusing an official Microsoft email address to send spam
Scammers have been exploiting a loophole in Microsoft's email system to send spam from an official Microsoft address. These emails, which mimic legitimate notifications, have been reported by users and anti-spam organizations for several months. Microsoft has acknowledged the issue but has not yet provided a solution or comment on the ongoing abuse.
- Scammers are sending spam emails from an internal Microsoft email address used for legitimate account alerts.
- The emails often contain subject lines that resemble official notifications, tricking recipients into believing they are genuine.
- The Spamhaus Project has reported this abuse and notified Microsoft, but the company has not yet commented on the situation.
Opening excerpt (first ~120 words)
For months, scammers have been taking advantage of a loophole that allows them to send spammy emails from an internal Microsoft email address typically used for sending legitimate account alerts. It’s not clear how the scammers are abusing the system, but they have been able to set up new Microsoft accounts as if they are new customers, and use that access to send out emails purportedly from the tech giant itself, potentially tricking people into thinking that these emails may be genuine. Microsoft doesn’t yet appear to have gotten a handle on the issue. Last week, I received several, similarly structured emails containing subject lines and web links to scammy sites from Microsoft across different email accounts.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at TechCrunch.