For the last several months, scammers have co-opted an internal Microsoft email address—a legitimate email that’s used for alerts and notifications—to send spam emails to random people.
First reported by TechCrunch and later resurfaced by a warning from Mimikama (machine translated), these scam emails are sent from [email protected], which is normally used to send 2FA authentication codes and other account notices.
And it isn’t being spoofed—the email address is apparently compromised. In these scam emails from this address, the links within look official but are actually phishing links.
Mimikama explains:
Based on current information, there is considerable evidence to suggest that criminals were indeed able to send messages using a genuine Microsoft sender address. This likely refers to more than just a spoofed display name. Rather, it describes the misuse of a legitimate notification system or an associated account mechanism.
To spot this scam, it’s not enough to simply hover your mouse pointer over the sender’s address and check if it’s from an actual reputable email address. In this case, the sender’s address will be legit and you’ll have to evaluate whether it’s a scam based on the content of the email.
Here’s what you should do
Don’t click on any links in the email. Instead, open the relevant Microsoft services directly via their official website or app. There, you can then check whether there really is a warning, message, or alert for your account. If there isn’t, the email is fraudulent.
You can spot fraudulent emails with a few other red flags, for example, by inappropriate subject lines, strange phrasings, and links to unfamiliar domains. It’s always wise to be wary of any email that tries to pressure you or demand that you take urgent action.
Microsoft has been informed and is currently investigating this phishing incident. It’s currently unknown how the hackers are able to exploit this genuine email address, and it’s unknown whether only new accounts, specific workflows, or individual notification functions are affected.
