For the last several months, scammers have co-opted an internal Microsoft email address—a legitimate email that’s used for alerts and notifications—to send spam emails to random people.
First reported by TechCrunch and later resurfaced by a warning from Mimikama (machine translated), these scam emails are sent from msonlineservicesteam@microsoftonline.com, which is normally used to send 2FA authentication codes and other account notices.
And it isn’t being spoofed—the email address is apparently compromised. In these scam emails from this address, the links within look official but are actually phishing links.
Mimikama explains:
Based on current information, there is considerable evidence to suggest that criminals were indeed able to send messages using a genuine Microsoft sender address. This likely refers to more than just a spoofed display name. Rather, it describes the misuse of a legitimate notification system or an associated account mechanism.
To spot this scam, it’s not enough to simply hover your mouse pointer over the sender’s address and check if it’s from an actual reputable email address. In this case, the sender’s address will be legit and you’ll have to evaluate whether it’s a scam based on the content of the email.
Here’s what you should do
Don’t click on any links in the email. Instead, open the relevant Microsoft services directly via their official website or app. There, you can then check whether there really is a warning, message, or alert for your account. If there isn’t, the email is fraudulent.
You can spot fraudulent emails with a few other red flags, for example, by inappropriate subject lines, strange phrasings, and links to unfamiliar domains. It’s always wise to be wary of any email that tries to pressure you or demand that you take urgent action.
Microsoft has been informed and is currently investigating this phishing incident. It’s currently unknown how the hackers are able to exploit this genuine email address, and it’s unknown whether only new accounts, specific workflows, or individual notification functions are affected.
Â
This articles is written by : Nermeen Nabil Khear Abdelmalak
All rights reserved to : USAGOLDMIES . www.usagoldmines.com
You can Enjoy surfing our website categories and read more content in many fields you may like .
Why USAGoldMines ?
USAGoldMines is a comprehensive website offering the latest in financial, crypto, and technical news. With specialized sections for each category, it provides readers with up-to-date market insights, investment trends, and technological advancements, making it a valuable resource for investors and enthusiasts in the fast-paced financial world.