
Internal Microsoft account being used to send scams, phishing links

by Abigail Avery


If you’ve ever received an email from “[email protected],” you’ll know that this is an official email address used by Microsoft.

However, users should be aware that emails from this official Microsoft address may be scam messages.

Scammers have figured out how to weaponize this legitimate Microsoft email address in order to send fraudulent emails to targets. And it appears that bad actors are ramping up their use of this method, too.

Recently, multiple people on social media have shared that they received a scam email from a real Microsoft email address called [email protected]. The emails look like most emails from Microsoft, using the template that the company frequently uses. However, the subject lines of these emails are often about Bitcoin or promote a third-party website. The subject line also usually includes a phone number or website link that is not associated with Microsoft.

The reason these emails look like actual emails from Microsoft is because, technically, they are.

Normally, this Microsoft email address is used by the company to send email notifications such as two-factor authentication codes or account notices. However, scammers have found that they can inject their fraudulent schemes into this legitimate email, bypassing whatever scam or spam detection filters are applied to users’ email inboxes.

As TechCrunch writes in its report, Microsoft doesn’t appear to have addressed the issue or released any statement yet on the matter.

However, it appears that this issue has been around for quite some time now.

A January report from cybersecurity company Abnormal detailed how bad actors were abusing Microsoft’s notification email system and tricking it into sending phishing emails.

“The attack begins with the bad actor spinning up a disposable Microsoft 365 tenant,” reads Abnormal’s report. “The core exploit lies in the Tenant Branding configuration within Microsoft Entra ID. The attacker navigates to Tenant Properties and modifies the ‘Name’ field to contain a fraudulent financial alert message.”

With the name modified with the scammer’s message, the bad actor then tricks Microsoft into sending a verification code email to the target’s email address. The scammer does this by asking Microsoft to add the target’s email address to the attacker’s Microsoft account. When the email is sent to the target, Microsoft includes their name in the subject line. But, again, in this case, the scammer has input their message to the victim as the name.

Because this attack uses Microsoft’s trusted email address and does not include any malicious hyperlinks or attachments, these scam emails easily bypass the usual security measures, which key on sender reputation, links and attachments rather than on the text of the subject line.
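Since the sender, the template and the absence of links or attachments are all genuine, the one place the fraud surfaces is the subject line, where the attacker-controlled tenant name is inserted. The following Python is an added example, not code from the article, from Abnormal or from Microsoft, of a mail-gateway check that applies only to messages from the trusted notification sender and flags subjects carrying a phone number, a web address or a Bitcoin reference, the three indicators the article describes. The sender address (`account-security-noreply@example.invalid`) and the three sample messages are constructed placeholders, since the article does not reproduce the real address or any actual message.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

# Stand-in for Microsoft's account-protection notification sender. The article
# does not reproduce the real address, so this value is a constructed placeholder.
TRUSTED_SENDER = "account-security-noreply@example.invalid"

# Indicators the article associates with injected subjects: a phone number,
# a web address, or a Bitcoin pitch. None of these belong in the subject of a
# genuine verification-code notification.
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{7,}\d")
URL_RE = re.compile(
    r"(?:https?://|www\.)\S+|\b[\w-]+(?:\.[\w-]+)*\.(?:com|net|org|io|xyz|top)\b",
    re.I,
)
BITCOIN_RE = re.compile(r"\b(?:bitcoin|btc)\b", re.I)

CHECKS = [
    ("phone_number", PHONE_RE),
    ("url_or_domain", URL_RE),
    ("bitcoin_keyword", BITCOIN_RE),
]


def subject_indicators(raw_message: str) -> list[str]:
    """Return the names of the checks that fire on one raw RFC 5322 message.

    Only mail from the trusted notification sender is examined: the whole point
    of the technique is that the sender is real, so generic sender-reputation
    checks pass and the injected text has to be caught in the Subject itself.
    """
    msg = message_from_string(raw_message)
    if TRUSTED_SENDER not in msg.get("From", "").lower():
        return []
    # Decode any RFC 2047 encoded-words so the regexes see the rendered subject.
    subject = str(make_header(decode_header(msg.get("Subject", ""))))
    return [name for name, rx in CHECKS if rx.search(subject)]


def triage(messages: list[str]) -> dict[int, list[str]]:
    """Map each flagged message's index to the indicators that fired on it."""
    return {i: hits for i, m in enumerate(messages) if (hits := subject_indicators(m))}


# Constructed sample messages (not real mail). LEGIT mimics a normal
# verification-code notice; INJECTED carries an attacker-controlled tenant name
# in the subject; UNRELATED comes from a different sender and is ignored.
LEGIT = """From: Microsoft account team <account-security-noreply@example.invalid>
To: victim@example.com
Subject: Microsoft account security code

Your security code is 483920.
"""

INJECTED = """From: Microsoft account team <account-security-noreply@example.invalid>
To: victim@example.com
Subject: Bitcoin purchase of $499 confirmed, to dispute call +1 (800) 555-0100 or visit billing-help.xyz

Use this code to verify your email address.
"""

UNRELATED = """From: newsletter@example.org
To: victim@example.com
Subject: Bitcoin weekly roundup

Market news follows.
"""

if __name__ == "__main__":
    for idx, hits in triage([LEGIT, INJECTED, UNRELATED]).items():
        print(f"message {idx}: flagged for {', '.join(hits)}")
```

The phone pattern deliberately ignores short digit runs so that a six-digit security code in a subject does not trip it, but a date such as 2024-01-15 would; tune the minimum length to the notification formats actually seen from the sender, and treat a hit as a reason to quarantine or banner the message rather than to block it outright, since a genuine notification with an unusual subject is the false-positive case.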

As cybercriminals get craftier and more resourceful, internet users should remain vigilant and take a close look at emails they receive, even if the sender appears to check out.



