Updated
Updated · TechCrunch · May 21
Scammers Abuse Microsoft Alert Account to Send Spam for Months
Updated
Updated · TechCrunch · May 21

Scammers Abuse Microsoft Alert Account to Send Spam for Months

6 articles · Updated · TechCrunch · May 21
  • Spamhaus said Tuesday that scammers have been abusing Microsoft’s msonlineservicesteam@microsoftonline.com notification address for several months to send spam that appears to come from the company.
  • The emails mimic legitimate account alerts—such as fraud warnings or private-message notices—and include links to scam sites, exploiting trust in an address Microsoft uses for two-factor codes and other critical notices.
  • TechCrunch said it received several such messages across different accounts last week, suggesting the abuse is ongoing; Microsoft acknowledged an inquiry but has not said whether it has stopped the activity.
  • The case adds to a broader pattern of attackers misusing trusted corporate messaging systems, after similar fraudulent email incidents at Betterment earlier this year and Namecheap in 2023.
Scammers are using real Microsoft emails. Is any official-looking message truly safe to open anymore?
As AI crafts flawless phishing emails, are we losing the war against online scammers?

Related Stories

TechCrunchMay 21
MicrosoftMay 21
techbuzz.aiMay 21
YahooMay 21
InstagramMay 21
varonis.comMay 21