Users report phishing emails coming from Microsoft’s system, and the company is digging in


I previously thought that hackers had taken things up a notch by using generative AI to breach sensitive data — but the reality is far worse.

According to a damning report by TechCrunch, scammers have been using a legitimate Microsoft email address (msonlineservicesteam@microsoftonline.com) to send spam emails to unsuspecting people (via PCWorld). For context, the company uses this address to send two-factor authentication (2FA) codes and other legitimate account alerts.

It’s still unclear how the scammers are exploiting the system, but evidence suggests the email address wasn’t spoofed; it was compromised. It appears the scammers have created new Microsoft accounts, posing as legitimate customers to gain access and send emails that seem to come from the company.

A Microsoft spokesperson told TechCrunch:

"We are actively investigating and taking action against these phishing reports to help keep customers protected. This includes further strengthening our detection and blocking mechanisms, while removing accounts that violate our Terms of Use."


Multiple users have reported receiving spam emails that appear to come from Microsoft, featuring suspicious subject lines and links to questionable sites.

Some of the subject lines are uncannily similar to those that official emails from the tech giant use to alert users about fraudulent transactions, which seemingly makes it even harder for users to identify the email as spam. Perhaps more concerning, other emails claim that a confidential message is waiting for the recipient at a web address included in the email.

While Microsoft investigates the phishing scam, it’s crucial to stay vigilant when handling emails from the compromised address. Watch for unusual subject lines and always hover over links to verify whether they lead to suspicious or unfamiliar domains.
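Because the sender address in these reports is genuine, sender checks do not help; the link destinations are what remain to inspect. The following is an added example, not part of the original article or any Microsoft tooling, that automates the "hover over links" check. The `EXPECTED_DOMAINS` allowlist and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: illustrative allowlist, not an official list of Microsoft domains.
EXPECTED_DOMAINS = {"microsoft.com", "microsoftonline.com", "live.com"}

# Constructed sample: genuine sender address, one link to a lookalike host.
SAMPLE = """\
From: Microsoft <msonlineservicesteam@microsoftonline.com>
Subject: Unusual sign-in activity
Content-Type: text/html; charset="utf-8"

<p>Review it at <a href="https://account.microsoft.com/activity">your account</a>.</p>
<p>A confidential message is waiting:
<a href="https://account.microsoft.com.secure-view.example/msg">account.microsoft.com</a></p>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def on_expected_domain(host):
    # Match the domain itself or a true subdomain, never a mere suffix string.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in EXPECTED_DOMAINS)

def suspicious_links(raw_message):
    """Return (host, visible text) for every link leaving EXPECTED_DOMAINS."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    parser = LinkCollector()
    parser.feed(body.get_content())
    hosts = [(urlsplit(href).hostname, text) for href, text in parser.links]
    return [(h, t) for h, t in hosts if not on_expected_domain(h)]
```

On the sample, only the second link is returned: its visible text reads `account.microsoft.com`, but the real host ends in `secure-view.example`.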

I'll keep tabs on this developing story as it unfolds and equally keep you posted as new information becomes available.




Kevin Okemwa
Contributor

Kevin Okemwa is a seasoned tech journalist based in Nairobi, Kenya with lots of experience covering the latest trends and developments in the industry at Windows Central. With a passion for innovation and a keen eye for detail, he has written for leading publications such as OnMSFT, MakeUseOf, and Windows Report, providing insightful analysis and breaking news on everything revolving around the Microsoft ecosystem. While AFK and not busy following the ever-emerging trends in tech, you can find him exploring the world or listening to music.
