For months, scammers have been exploiting a loophole that lets them send spam emails from an internal Microsoft email address typically used for sending legitimate account alerts. While the method remains unclear, scammers have managed to create new Microsoft accounts as if they are new customers, using this access to distribute emails seemingly from Microsoft, potentially fooling recipients into believing they are authentic.
Microsoft has yet to address the issue effectively. Last week, I received several emails with similar structures and subject lines from Microsoft, pointing to scam sites across different email accounts. These poorly crafted emails were sent from [email protected], an account Microsoft uses for sending critical user notifications like two-factor authentication codes and important alerts about online accounts.
Some email subjects mimicked official alerts for fraudulent transactions, while others mentioned a private message awaiting the recipient at a web address in the email body.
The Spamhaus Project, an anti-spam non-profit, also observed the misuse of Microsoft’s account notification email address for spam, with activities tracing back months. Spamhaus criticized the allowance for such customization in automated notification systems and informed Microsoft of the issue.
Microsoft acknowledged TechCrunch’s inquiry but has not commented or confirmed whether it has resolved the abuse of its account notification email address.
This incident is the latest in a series of events where hackers or scammers misuse company systems to deceive unsuspecting customers. Earlier this year, hackers accessed a platform used by fintech firm Betterment to release fake notifications promising to triple cryptocurrency value – a known scam to steal cryptocurrency.
In 2023, hackers similarly exploited an email account managed by Namecheap to launch phishing emails aimed at stealing credentials.
Social media users have reported other companies’ email addresses being used for spam, indicating the problem is not exclusive to Microsoft.
