Image Credits: Deb Cohn-Orbach/UCG/Universal Images Group / Getty Images

4:42 AM PDT · May 21, 2026
For months, scammers have been taking advantage of a loophole that allows them to send spammy emails from an internal Microsoft email address typically used for sending legitimate account alerts.
It’s not clear how the scammers are abusing the system, but they have been able to set up new Microsoft accounts as if they are new customers, and use that access to send out emails purportedly from the tech giant itself, potentially tricking people into thinking that these emails may be genuine.
Microsoft doesn’t yet appear to have gotten a grip on the issue.
Last week, I received several similarly structured emails containing subject lines and web links to scammy sites from Microsoft across different email accounts. These crudely made emails were sent from msonlineservicesteam@microsoftonline.com, an email account that Microsoft uses to send important notifications to users, such as two-factor authentication codes and other critical alerts about their online account.
Some of these emails’ subject lines resembled official emails that would alert users to fraudulent transactions, while other emails claimed to have a private message waiting for the recipient at a web address mentioned in the email body.
Image Credits: TechCrunch (screenshot)

In a social post on Tuesday, anti-spam non-profit, The Spamhaus Project, said it had also seen Microsoft’s account notification email address being abused to send spam, and that the activity dated back “several months.”
“Automated notification systems should not allow this level of customization,” wrote Spamhaus. The non-profit added that it has notified Microsoft of the issue.
When contacted by TechCrunch earlier this week, a Microsoft spokesperson acknowledged our inquiry, but has not yet commented or said if the company has stopped the abuse of its account notification email.
This is the latest in a rash of incidents in which hackers or scammers have abused company systems to trick unsuspecting customers in recent months. Earlier this year, hackers broke into a platform used by fintech firm Betterment to send out fraudulent notifications that purported to triple the value of any crypto users send in — a widely known scam used to steal people’s cryptocurrency.
Back in 2023, hackers similarly abused access to an email account run by Namecheap to send out phishing emails aimed at stealing people’s credentials.
Other users commenting on social media say that other companies’ email addresses are also being used to send out spam, suggesting the issue is not limited to Microsoft.
Zack Whittaker is the security editor at TechCrunch. He also authors the weekly cybersecurity newsletter, this week in security.
He can be reached via encrypted message at zackwhittaker.1337 on Signal. You can also contact him by email, or to verify outreach, at zack.whittaker@techcrunch.com.














