Cybercriminals are reportedly abusing a Microsoft notification system to send spam and phishing emails from what appears to be a legitimate Microsoft email address.
The emails are being sent from an official Microsoft account typically used for security alerts and account notifications, making the messages appear more trustworthy to recipients.
How the Scam Works
According to reports, scammers are exploiting a loophole that allows emails containing malicious or spam links to be sent through Microsoft’s own notification infrastructure.
Because the emails come from a real Microsoft domain, users may incorrectly assume the messages are genuine and safe to open.
Why This Is Dangerous
- Emails appear to come from an official Microsoft address
- Traditional spam filters may trust the sender
- Users are more likely to click links from familiar brands
- Fake account alerts can create panic or urgency
How to Stay Safe
Do not trust an email solely because it appears to come from a legitimate sender address. Always inspect links carefully and verify account alerts directly through Microsoft’s official website or app instead of clicking email links.
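The advice above as a mail-triage check, given as an added example that is not from the original report: it ignores how trustworthy the sender looks and flags any link whose host falls outside the brand's own domains. The domains vendor.example, corp.example and account-verify.example, the allowlist and the sample message are all constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: domains the (hypothetical) vendor really serves account pages from.
TRUSTED_LINK_DOMAINS = {"vendor.example"}

# Constructed sample: authentication passes because the message really did go
# through the vendor's notification system, yet one link leads somewhere else.
SAMPLE = """\
From: Account Team <no-reply@vendor.example>
To: user@corp.example
Subject: Unusual sign-in activity
Authentication-Results: mx.corp.example; spf=pass; dkim=pass; dmarc=pass
Content-Type: text/plain

We detected unusual activity. Review it here:
https://login.vendor.example.account-verify.example/review
Manage your account: https://account.vendor.example/security
"""

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def host_in(host, domains):
    """True if host equals a domain or is a label-aligned subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(raw):
    msg = message_from_string(raw)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    auth = msg.get("Authentication-Results", "").lower()
    # Collect every text part so HTML and plain-text bodies are both scanned.
    body = "\n".join(
        (p.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for p in msg.walk() if p.get_content_maintype() == "text")
    off_domain = [u for u in URL_RE.findall(body)
                  if not host_in(urlsplit(u).hostname, TRUSTED_LINK_DOMAINS)]
    return {
        "sender_trusted": host_in(sender_domain, TRUSTED_LINK_DOMAINS),
        "auth_pass": "dmarc=pass" in auth,
        "off_domain_links": off_domain,
        # Sender and authentication both look fine here; the links decide.
        "suspicious": bool(off_domain),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The first link in the sample starts with the brand's name but its registrable domain is a different one, which is why the comparison is done on whole trailing labels and not on a substring match.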
Source
Read more on the original source – reported by TechCrunch.
