Scam alert: An official Microsoft email is being used for phishing links

Internal Microsoft account being used to send scams, phishing links | Mashable

Scammers have found a way to weaponize an official Microsoft email address in order to spread their cyber crimes. Credit: Samuel Boivin/NurPhoto via Getty Images

If you've ever received an email from "[email protected]," you'll know that this is an official email address used by Microsoft.However, users should be aware that emails from this official Microsoft address may be scam messages.Scammers have figured out how to weaponize this legitimate Microsoft email address in order to send fraudulent emails to targets. And it appears that bad actors are ramping up their use of this method, too. You May Also Like

Post by @[email protected] View on Mastodon

Recently, multiple people on social media have shared that they received a scam email from a real Microsoft email address called [email protected]. The emails look like most emails from Microsoft, utilizing the template that the company frequently uses. However, the subject line of these emails are often about Bitcoin or a promoting a third-party website. The subject line also usually includes a phone number or website link that are not associated with Microsoft.The reason these emails look like actual emails from Microsoft is because, technically, they are. Post by @[email protected] View on Mastodon

Normally, this Microsoft email is used by the company in order to send email notifications such as two-factor authentication codes or account notices. However, scammers have found that they can inject their fraudulent schemes into this legitimate email, bypassing any sort of scam or spam detection filters in users' email inbox. Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. Loading... Sign Me Up

Use this instead

By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up! As TechCrunch writes in its report, Microsoft doesn't appear to have addressed the issue or released any statement yet on the matter.However, it appears that this issue has been around for quite some time now.A January report from cybersecurity company Abnormal detailed how bad actors were abusing Microsoft's notification email system and tricking it into sending phishing emails. Related Stories Google, Meta, TikTok face EU complaints over financial scam protections New Microsoft Defender exploits discovered. How to protect yourself Meta made $14 million just off of these scam ads Taylor Swift and Rihanna TikTok scams are surging New phishing scam targets your FOMO with fake party invitations

"The attack begins with the bad actor spinning up a disposable Microsoft 365 tenant," reads Abnormal's report. "The core exploit lies in the Tenant Branding configuration within Microsoft Entra ID. The attacker navigates to Tenant Properties and modifies the 'Name' field to contain a fraudulent financial alert message."With the name modified with the scammer's message, the bad actor then tricks Microsoft into sending a verification code email to the target's email address. The scammer does this by asking Microsoft to add the target's email address to the attacker's Microsoft account. When the email is sent to the target, Microsoft includes their name in the subject line. But, again, in this case, the scammer has input their message to the victim as the name.Because this attack utilizes Microsoft's trusted email address and does not include any malicious hyperlinks or attachments, these scam emails are easily bypassing any sort of security measures.As cybercriminals get craftier and more resourceful, internet users should remain vigilant and take a close look at emails they receive, even if the sender appears to check out.

Topics Cybersecurity Microsoft Scams

Recommended For You New phishing scam targets your FOMO with fake party invitations Be on the lookout for vague party invites in your inbox from long-distance accquaintances. 04/28/2026 By Chance Townsend

New Congressional scam alert issued for IRS fraud ahead of Tax Day Exclusive: Lawmakers warn of new IRS scams targeting taxpayers nationwide. 04/09/2026 By Anna Iovine

Meta rolls out Facebook scam warnings The world's largest social networks have some new AI-powered fraud detection tools. Are they enough? 03/11/2026 By Chance Townsend

Meta accused of profiting from scam ads in class-action lawsuit A Meta spokesperson said the company "aggressively combats scams." 04/25/2026 By Anna Iovine

Meta made $14 million just off of these scam ads Americans have lost billions to malicious social media advertising. 05/12/2026 By Chase DiBenedetto

Trending on Mashable The best hookup apps for 2026: I swiped until my thumb hurt Here are the best apps for finding a casual, low-stress connection right now. 05/23/2026 By Tabitha Britt

App fatigue is real. I tested the best dating apps of 2026 to find the