Scammers abuse internal Microsoft account to send spam emails

Original: Scammers are abusing an internal Microsoft account to send spam links

Why This Matters

Highlights security vulnerabilities in automated notification systems at major tech companies

Scammers have exploited a Microsoft internal email account (msonlineservicesteam@microsoftonline.com) for months to send spam emails that appear legitimate. The account typically sends official notifications like 2FA codes and security alerts.

For several months, scammers have been abusing Microsoft's internal email system by creating new accounts and using the legitimate msonlineservicesteam@microsoftonline.com address to send spam emails. This address is normally used for critical notifications such as two-factor authentication codes. The spam emails contain fraudulent transaction alerts and links to scammy websites. The anti-spam nonprofit Spamhaus Project confirmed the ongoing abuse and has notified Microsoft. Microsoft acknowledged the issue and stated that it is "actively investigating and taking action against these phishing reports" while strengthening detection mechanisms and removing violating accounts. Similar incidents have affected other companies, including Betterment and Namecheap, in recent years.

Source

techcrunch.com