 |
| Microsoft |
A vulnerability in Microsoft systems allows scammers to send malicious emails.
For several months, scammers have been exploiting an internal vulnerability in Microsoft systems that allows them to send spam and fraudulent emails via an official company address that is usually used to send legitimate account alerts and security notifications to users.
According to reports, it is still unclear how the fraudsters are able to exploit the system, but they appear to be able to create new accounts within Microsoft services as if they were new customers, and then use these privileges to send messages that look like they come directly from the company, increasing the likelihood of deceiving victims and making them believe that the messages are genuine.
Fraudulent emails from an official Microsoft address
Over the past week, a number of users have received similar messages containing links to suspicious websites and misleading addresses, all sent from the official email address: msonlineservicesteam@microsoftonline.com .This is an address that Microsoft typically uses to send 2FA two-factor authentication codes and important security alerts related to user accounts, according to a report published by TechCrunch and reviewed by Al Arabiya Business.
Some messages attempted to mimic alerts for suspicious financial transactions, while others claimed that a special message was waiting for the user via an attached link within the email.
“Spamhaus”: The problem has been ongoing for months
For its part, The Spamhaus Project, an organization specializing in combating spam messages, confirmed that it had detected the exploitation of Microsoft's official alerts address in spam campaigns for several months.
The organization said that automated notification systems should not allow this level of personalization, noting that it had already informed Microsoft of the problem.
Despite contact from technology media outlets with the company, Microsoft merely confirmed receiving the inquiries without issuing an official comment or clarifying whether it has succeeded in stopping this exploitation so far.
A growing wave of exploitation of large corporations' systems
This incident is part of an escalating series of attacks that rely on exploiting trusted corporate systems to deceive users.Earlier this year, a Betterment platform was hacked and used to send fraudulent messages claiming to double the cryptocurrency users send, a common scam to steal digital assets.
A similar incident occurred in 2023 when hackers exploited a Namecheap email account to send phishing messages aimed at stealing login credentials.
Social media users point out that the problem is not limited to Microsoft alone, as it appears that official email addresses of other companies are also being used to send spam and fraudulent messages, reflecting the wide scope of this type of cyberattack.
0 Comments