Internal Microsoft account being used to send scams, phishing links

If you have already received an email from “[email protected],”, you will know that this is an official email address used by Microsoft.

However, users should be aware that emails coming from this official Microsoft address may be fraudulent messages.

Fraudsters figured out how to use this legitimate Microsoft email address as a weapon to send fraudulent emails to targets. And it seems that bad actors are increasingly using this method as well.

Recently, several people on social media have common that they received a scam email from a real Microsoft email address called [email protected]. The emails look like most Microsoft emails, using the template the company uses frequently. However, the subject of these emails is often about Bitcoin or promoting a third-party website. The subject line also usually includes a phone number or website link that is not associated with Microsoft.

The reason these emails look like real emails from Microsoft is because, technically, they are.

Normally, this Microsoft email is used by the company in order to send email notifications such as two-factor authentication codes or account notices. However, fraudsters discovered that they could inject their fraudulent schemes into this legitimate email, bypassing any type of scam or spam detection filters in the users’ inbox.

As TechCrunch Writing in its report, Microsoft does not appear to have fixed the issue or issued a statement about it.

However, it appears that this problem has existed for some time now.

A January report from cybersecurity company Abnormal explained how bad actors were abusing Microsoft’s email notification system and tricking it into sending phishing emails.

“The attack begins with the bad actor creating a disposable Microsoft 365 tenant,” Abnormal’s report reads. “The main exploit lies in the configuration of Tenant Branding in Microsoft Entra ID. The attacker accesses the tenant properties and modifies the ‘Name’ field to contain a fraudulent financial alert message.”

With the name altered with the scammer’s message, the bad actor then tricks Microsoft into sending a verification code email to the target’s email address. To do this, the scammer asks Microsoft to add the target’s email address to the attacker’s Microsoft account. When the email is sent to the target, Microsoft includes their name in the subject line. But, again, in this case, the scammer entered their message to the victim in name form.

Since this attack uses Microsoft’s trusted email address and does not include any hyperlinks or malicious attachments, these fraudulent emails easily bypass any sort of security measures.

As cybercriminals become more cunning and resourceful, Internet users should remain vigilant and closely examine the emails they receive, even if the sender appears to be checking.