All Topics
All Topics
Technology
Technology
Design
Design
Programming
Programming
Science
Science
News
News
Gaming
Gaming
Entertainment
Entertainment
Business
Business
Finance
Finance
Sports
Sports
Health
Health
Food
Food
Travel
Travel
Art
Art
Music
Music
Books
Books
Education
Education
Politics
Politics
Personal
Personal
No algorithm. No AI slop. No ads. Just RSS. Pro-human. Indie writers. Real journalism. Open web. Chronological. Hand toasted.

Scammers compromise real Microsoft email address to send phishing links

By

Hans-Christian Dirscherl

4d ago· 3 min readenNews
Bagel score 85 of 100
85/100
Golden Brown
Bagelometer

Crisp on the outside, thoughtful on the inside. A keeper.

Score85TypenewsSentimentnegative

Summary

Scammers have compromised a legitimate Microsoft email address ([email protected]) that is normally used for 2FA authentication codes and account notifications. Instead of spoofing the address, the scammers are sending phishing emails directly from this real Microsoft domain. The emails contain links that appear official but are actually phishing attempts designed to steal user credentials or personal information. This has been ongoing for several months and was first reported by TechCrunch and later highlighted by Mimikama.

Key quotes

· 3 pulled
For the last several months, scammers have co-opted an internal Microsoft email address—a legitimate email that's used for alerts and notifications—to send spam emails to random people.
And it isn't being spoofed—the email address is apparently compromised.
In these scam emails from this address, the links within look official but are actually phishing
Snippet from the RSS feed
Scammers are exploiting a real Microsoft email address to send phishing links. Here's how to spot it and how to stay safe.

You might also wanna read

Scammers exploit Microsoft account loophole to send spam from legitimate internal email address

Scammers have been exploiting a loophole in Microsoft's system to send spam emails from an internal Microsoft email address that is normally

techcrunch.com·8d ago

Google Spoofed Via DKIM Replay Attack: Unveiling a Real-World Phishing Case

The article discusses a real-world phishing case where a Google spoof used a DKIM replay attack to deceive users with a fake subpoena. It de

easydmarc.com·10mo ago

Mozilla Warns of Phishing Campaign Targeting Firefox Add-On Developers

Mozilla has issued a warning about a phishing campaign targeting Firefox add-on developers, urging them to be cautious with emails disguised

theregister.com·10mo ago

Sophisticated Phishing Campaign Targets SendGrid Users with Political-Themed Emails

The article describes a sophisticated phishing campaign targeting SendGrid users that exploits American political tensions. Hackers send ema

fredbenenson.com·4mo ago

Bank Email Resembling Phishing Messages Sparks Concern

The article discusses a situation where a bank's email communication resembled phishing emails, potentially undermining anti-phishing educat

moritz-mander.de·10mo ago