For several months, scammers have been exploiting a vulnerability in an internal Microsoft email address intended for sending official notifications. Criminals have been able to register Microsoft accounts as new customers and send fake messages on behalf of the tech giant. This leads users to believe in the authenticity of these emails. This is reported by Techcrunch.com reports .
The attacks are being carried out via the msonlineservicesteam@microsoftonline.com address. Typically, Microsoft uses this address to send two-factor authentication codes and important account security alerts. The emails sent by scammers contain subjects about fake transaction alerts or false information about personal messages, including links to suspicious websites.
The non-profit organization Spamhaus Project confirmed that this issue has been ongoing for several months. Representatives of the organization stated that automated notification systems should not allow users to edit the content of emails so freely. Spamhaus has officially notified Microsoft about this risk.
So far, Microsoft has not provided specific information on whether this vulnerability has been fixed. Although a company representative confirmed to TechCrunch that the request was received, they did not provide a detailed comment on the situation. This is not the first instance of fraud carried out using the systems of major companies recently.
As a reminder, the fintech platform Betterment and the service Namecheap have previously faced similar attacks. At that time, hackers accessed company systems to distribute phishing messages aimed at stealing users' cryptocurrencies and personal data.
Read “Zamin” on Telegram!
