Got a link from Microsoft? Beware, it can be a scam
Follow UsScammers used a Microsoft email address to send fake alerts.
The messages included urgent warnings and suspicious links.
Microsoft confirmed the issue but has not shared a fix yet.
Scammers are now coming up with new tricks every day to make fake emails look real. Microsoft was one of the recent victims of this, as the scammers found a loophole that allowed them to misuse one of Microsoft’s internal email addresses and used it to send spam messages with dangerous links and fake warnings. The emails looked official, making it more difficult for users to tell they were scams. Cybersecurity experts say this incident raises concerns about how large tech companies manage their automated email systems. Microsoft has admitted the problem exists, but the company has not yet shared how the misuse started or when it will be fully fixed. The incident has also started discussions about whether companies are acting fast enough to stop trusted online services from being used for scams.
SurveySeveral users, including reporters and cybersecurity researchers, recently received suspicious emails sent from msonlineservicesteam@microsoftonline.com, an address commonly used by Microsoft for account alerts and security messages. The emails carried subject lines that appeared urgent and included links directing users to unknown websites.
Also read: Motorola Edge 50 Ultra 5G price drops by over Rs 26000 on Amazon: Is it worth buying
Some messages claimed there had been fraudulent transactions linked to the user’s account, while others told recipients they had a private message waiting online. Despite the poor language and obvious spam content, the use of an official Microsoft address made the emails appear more believable.
Anti-spam group The Spamhaus Project said the activity has been going on for months. In a social media post, the group said automated systems should not allow users to customise official notification emails in such a way. Spamhaus also confirmed that it had informed Microsoft about the issue.
Microsoft acknowledged media questions on the matter earlier this week but has not publicly shared details about the loophole or whether it has fixed the problem.
The case adds to a growing list of incidents where hackers and scammers have misused company systems to target users. Earlier this year, hackers reportedly abused a platform connected to a fintech company. Betterment to spread fake cryptocurrency offers. Attackers also used access to a Namecheap email account to send phishing emails designed to steal login credentials way back in 2023.
