For the last several months, scammers have co-opted an internal Microsoft email address, a legitimate one that’s used for alerts and notifications, to send spam emails to random people.

First reported by TechCrunch and later resurfaced by a warning from Mimikama (machine translated), these scam emails are sent from [email protected], which is normally used to send 2FA authentication codes and other account notices.

The links in these scam emails look official but are actually phishing links. And the address isn’t being spoofed: it is apparently compromised.

This likely refers to more than just a spoofed display name. Rather, it describes the misuse of a legitimate notification system or an associated account mechanism. Based on current information, there is considerable evidence to suggest that criminals were indeed able to send messages using a genuine Microsoft sender address.

In this case, the sender’s address will be legit and you’ll have to evaluate whether it’s a scam based on the content of the email. To spot this scam, it’s not enough to simply hover your mouse pointer over the sender’s address and check if it’s from an actual reputable email address.

Instead, open the relevant Microsoft services directly via their official website or app. There, you can then check whether there really is a warning, message, or alert for your account. If there isn’t, the email is fraudulent. Don’t click on any links in the email.

It’s always wise to be wary of any email that tries to pressure you or demands that you take urgent action. You can spot fraudulent emails by a few other red flags, for example inappropriate subject lines, strange phrasings, and links to unfamiliar domains.
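The content-based check described above, sketched as an added example (not from the original article): it deliberately ignores the sender address and flags links to unfamiliar domains, link text that shows a different host than the link target, and urgent wording. The domain `vendor.example`, the keyword list and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Assumptions: the domains account links should point to, and the pressure wording.
EXPECTED_DOMAINS = {"vendor.example"}
URGENCY = re.compile(r"\b(urgent|immediately|suspended|within 24 hours)\b", re.I)
# Constructed sample: the sender address is genuine, the content is not.
SAMPLE = """\
From: Account Team <notifications@vendor.example>
Subject: Urgent: unusual sign-in, act immediately
Content-Type: text/html; charset=utf-8

<a href="https://account-verify.test/login">https://account.vendor.example/security</a>
"""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._open = [], None  # finished (href, text) pairs, <a> in progress
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = [dict(attrs).get("href") or "", ""]
    def handle_data(self, data):
        if self._open is not None:
            self._open[1] += data
    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.links.append(tuple(self._open))
            self._open = None

def red_flags(raw_message):
    """Return content-based warnings; the From header is deliberately not consulted."""
    msg = message_from_string(raw_message)
    part = next((p for p in msg.walk() if p.get_content_type() == "text/html"), None)
    html = part.get_payload(decode=True).decode("utf-8", "replace") if part is not None else ""
    collector = LinkCollector()
    collector.feed(html)
    flags = []
    for href, text in collector.links:
        host = (urlsplit(href).hostname or "").lower()
        if not any(host == d or host.endswith("." + d) for d in EXPECTED_DOMAINS):
            flags.append(f"link to unfamiliar domain: {host}")
        shown = re.search(r"[\w-]+(?:\.[\w-]+)+", text)  # a host name shown as link text
        if shown and shown.group(0).lower() != host:
            flags.append(f"link text shows {shown.group(0)} but points to {host}")
    if URGENCY.search(msg.get("Subject", "") + " " + html):
        flags.append("urgent-action wording")
    return flags
```

An empty result does not prove a message is genuine; checking the service's own website or app for the alert still applies.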

It’s currently unknown how the hackers are able to exploit this genuine email address, and it’s unknown whether only fresh accounts, specific workflows, or individual notification functions are affected. Microsoft has been informed and is currently investigating this phishing incident.

This article originally appeared on our sister publication PC-WELT and was translated and localized from German.

Hans-Christian Dirscherl began his IT life with Autoexec.bat and config.sys, Turbo-Pascal and C, Sinix and Wordperfect. He has been writing on almost all IT topics for around 25 years, covering everything from news to reviews and buying guides.