We all get enough spam messages these days that we can avoid the obvious scams: If an unknown number texts you asking for money, or a spam email address warns you about a computer virus, you just delete it and move on. But if a message comes from a company you trust, like Microsoft, with a legitimate email address on it, you can’t be blamed for assuming the email is real. In this particular case, however, it is not, and you should be careful when interacting with it.
As reported by Zach Whittaker of TechCrunchScammers are sending emails from legitimate internal Microsoft email addresses: (email protected). Microsoft uses this address to send many important messages, such as two-factor authentication (2FA) codes, as well as other PSAs about user accounts. If you find an email with this address and look it up online, you’ll find it to be genuine, which can reassure you that the email itself is genuine.
In his report, Whittaker highlighted how he received multiple emails from this email address. According to Whittaker, the messages themselves were very clumsily constructed, with spammy links in the body. Some of the emails had subject lines indicating fraudulent activity on Whitaker’s Microsoft account, while others said that Whitaker had “(a) new private message,” and that he “needs to verify access account email verification code account email verification code.” Right. Even if scammers don’t execute good copy on their subject lines and emails, they are sophisticated enough to send messages from legitimate Microsoft email addresses, making people more likely to fall for these scams – even if the emails are poorly crafted.
Microsoft did not comment when reached by TechCrunch, but confirmed that it had received the request. To be fair, while it’s not clear how the scammers are achieving this, Microsoft isn’t the only company working with this type of scheme. Earlier this year, Betterment had the same problem With the abuse of third-party systems it uses for customer communications. Namecheap, a domain registrar, also has problems Scammers misuse her legitimate email address.
What do you think so far?
How to detect fake emails from legitimate addresses
Checking the email address of a suspicious message is the first step in determining its legitimacy, so the fact that scammers can take over these addresses seems daunting. But you can find many other tips to avoid falling victim to these phishing emails.
First, while the address may be legitimate, scam links are unlikely. Hover your cursor over the hyperlink in the email to view the URL. If you see shortened links or long, confusing URLs, assume the worst. Also criticize how the email is created. If the subject line or body contains spelling or grammatical errors, or if the overall design doesn’t align with the standards of the company in question, it’s likely a scam.
