Scammers are abusing an internal Microsoft account to send spam links

MichaelZuo

How does it work when a genuine microsoft domain is spending out spam? Do other email providers penalize that specific domain only, or all microsoft domains to a tiny degree?

wnevets

Is something similar happening with paypal? I've been getting seemly emails from the PayPal domain that are obviously a scam.

spike021

A while back I had a reservation with a hotel on Booking and I received a phish attempt that came directly via the Booking site domain email and also DMs but "sent" by the hotel. When I looked into it at the time, it seemed less like an issue of hotels specifically having their accounts infiltrated and more like some kind of message/email endpoint on Booking's end was being abused in a similar manner. I'm not sure this is the same type of issue but found this interesting, especially since apparently it's been reported to MS and no action has been taken.

weinzierl

Who even can be sure microsoftonline.com is legit. Microsoft's domain story is such a mess, I wouldn't be surprised if not even internally they have one complete list of all the domain assets they own. But they are not alone. It is kind of ironic when companies insist that we check the domain to spot spam but are unable publish a list with all domains they officially use to send mail.

ChrisArchitect

https://abnormal.ai/blog/system-notification-abuse-microsoft...

nippoo

I mean, it happened to the FBI... https://krebsonsecurity.com/2021/11/hoax-email-blast-abused-...