For months, scammers have taken advantage of a vulnerability that allows them to send unsolicited emails from an internal Microsoft email address typically used to send legitimate account alerts.
It’s not clear how scammers are abusing the system, but they have been able to create new Microsoft accounts as if they were new customers, and use that access to send emails purporting to be from the tech giant itself, potentially fooling people into thinking these emails might be real.
Microsoft does not seem to have been able to address this issue yet.
Last week, I received several similarly structured emails containing subject lines and web links to fraudulent sites from Microsoft across different email accounts. These crudely made emails were sent from msonlineservicesteam@microsoftonline.com, an email account that Microsoft uses to send important notifications to users, such as two-factor authentication codes and other important alerts about their online accounts.
Some of these emails’ subject lines resemble official emails that would alert users to fraudulent transactions, while other emails claim to have special messages waiting for the recipient at a web address mentioned in the body of the email.

In a social post on Tuesday, the Spamhaus Project, an anti-spam nonprofit, said it had also seen a Microsoft account notification email address being misused to send spam, and that the activity went back “several months.”
“Automated notification systems should not allow this level of customization,” Spamhaus wrote. The non-profit organization added that it had notified Microsoft of the problem.
When contacted by TechCrunch earlier this week, a Microsoft spokesperson acknowledged our inquiry, but has yet to comment or say whether the company has stopped the abuse of its account notification email.
This is the latest in a series of incidents in which hackers or scammers have abused company systems to scam unsuspecting customers in recent months. Earlier this year, hackers broke into a platform used by fintech company Betterment, sending fraudulent notifications that claimed to triple the value of any cryptocurrency a user sends, a widely known scam used to steal people’s cryptocurrencies.
Back in 2023, hackers likewise abused access to an email account managed by Namecheap to send phishing emails intended to steal people’s credentials.
Other users commenting on social media say that other companies’ email addresses are also being used to send spam, suggesting that the issue is not limited to Microsoft.