Scammers exploit Microsoft account loophole to send spam from legitimate internal email address
By
spike021
Toasted golden, schmeared with insight. Top of the rack.
Summary
Scammers have been exploiting a loophole in Microsoft's system to send spam emails from an internal Microsoft email address that is normally used for legitimate account alerts. The scammers appear to be creating new Microsoft accounts and using that access to send fraudulent emails that appear to come from Microsoft, potentially tricking recipients. Microsoft has not yet resolved the issue, and the article notes that the reporter received several such emails themselves.
Key quotes
· 3 pulledFor months, scammers have been taking advantage of a loophole that allows them to send spammy emails from an internal Microsoft email address typically used for sending legitimate account alerts.
It's not clear how the scammers are abusing the system, but they have been able to set up new Microsoft accounts as if they are new customers and use that access to send out emails purportedly from the tech giant, potentially tricking people into thinking these emails are genuine.
Microsoft doesn't yet appear to have gotten a handle on the issue.
You might also wanna read
Scammers compromise real Microsoft email address to send phishing links
Scammers have compromised a legitimate Microsoft email address ([email protected]) that is normally used for 2FA authentication codes and ac
gigcitygeek.com·4d ago
FBI warns Kali365 phishing scam bypasses Microsoft 365 multi-factor authentication
The FBI has issued a warning about a new phishing scam called Kali365 that targets Microsoft 365 accounts. The scam allows hackers to bypass
bit.ly·4d ago
FBI warns of Kali365 phishing platform targeting Microsoft 365 accounts
The FBI has issued a public service announcement warning about Kali365, a growing phishing-as-a-service platform that targets Microsoft 365
ift.tt·4d ago