We all get enough spam messages these days that we can avoid the obvious scams: If an unknown number texts you asking for money, or a spammy email address warns you about a computer virus, you’ll likely delete them and move on. But if the message comes from a company you trust, like Microsoft, with a legitimate email address at that, you wouldn’t be blamed for assuming that email was real. In this specific case, however, it’s not, and you should be wary when interacting with it.
As reported by TechCrunch’s Zach Whittaker, scammers are sending emails from a legitimate internal Microsoft email address: msonlineservicesteam@microsoftonline.com. Microsoft uses this address to send a host of important messages, like two-factor authentication (2FA) codes, as well as other PSAs about user accounts. If you receive an email with this address, and look it up online, you’ll find it’s real, which might convince you that the email itself is real as well.
In his report, Whittaker highlighted how he received multiple emails from this email address. According to Whittaker, the messages themselves were pretty crudely constructed, with spammy links in the body. Some of the emails had subject lines purporting fraudulent activity on Whittaker’s Microsoft account, while others said Whittaker had “[one] new private message,” and that he needed to “verify access account email verification code account email verification code.” Right. Even if the scammers aren’t running great copy on their subject lines and emails, they’re sophisticated enough to send messages from legitimate Microsoft email addresses, which increases the chances that people will fall for these scams—even if the emails are poorly made.
Microsoft didn’t comment when TechCrunch reached out, but did confirm they received the request. To be fair, while it’s not clear how scammers are achieving this, Microsoft is not the only company dealing with this type of scheme. Earlier this year, Betterment had a similar issue with abuse of the third-party system it uses for customer communications. Namecheap, a domain registrar, also has issues with scammers abusing its legitimate email addresses.
How to spot fake emails from legitimate addresses
Checking the email address of a suspicious message is often the first step in determining its legitimacy, so the fact that scammers can take over these addresses might seem daunting. But there are plenty of other tells you can look out for to avoid falling victim to these phishing emails.
First, while the address might be legit, scammy links likely aren’t. Hover your cursor over the hyperlinks in the email to reveal the URL. If you see shortened links, or lengthy, jumbled URLs, assume the worst. Be critical of how the email is constructed as well. If there are spelling or grammatical errors in the subject line or body, or if the overall design doesn’t align with the standards of the company in question, it’s likely fraudulent.
Â
This articles is written by : Nermeen Nabil Khear Abdelmalak
All rights reserved to : USAGOLDMIES . www.usagoldmines.com
You can Enjoy surfing our website categories and read more content in many fields you may like .
Why USAGoldMines ?
USAGoldMines is a comprehensive website offering the latest in financial, crypto, and technical news. With specialized sections for each category, it provides readers with up-to-date market insights, investment trends, and technological advancements, making it a valuable resource for investors and enthusiasts in the fast-paced financial world.