Microsoft Email Account Exploited for Phishing Scams
Severity: High (Score: 64.5)
Sources: Zamin.Uz, www.bleepingcomputer.com, Techcrunch, Techbuzz.Ai
Keywords: microsoft, scammers, internal, account, send, spam, email
Summary
Scammers are exploiting a vulnerability in Microsoft's internal email system to send phishing emails from a legitimate Microsoft address, [email protected]. This address is typically used for important notifications, such as two-factor authentication codes and account alerts. The attackers have registered new Microsoft accounts to gain access and send fraudulent emails that appear authentic, tricking users into clicking on malicious links. The Spamhaus Project confirmed that this abuse has been ongoing for several months, and Microsoft has yet to provide a clear solution or acknowledgment of the issue. The exploit poses a significant risk to enterprise customers, as traditional email security measures fail to detect these legitimate-looking phishing attempts. Microsoft has not disclosed the technical details of the exploit, likely to prevent further abuse while they work on a fix.

Key Points:
• Scammers are using Microsoft's own email infrastructure to send phishing emails.
• The exploit leverages a legitimate Microsoft email address, making detection difficult.
• The issue has been reported for several months, with no clear resolution from Microsoft.
Detailed Analysis
**Impact**

The exploit affects Microsoft's enterprise customers, including the majority of Fortune 500 companies, by enabling scammers to send phishing emails from a legitimate Microsoft internal email account. This compromises trust in official communications, potentially leading to credential theft, malware infections, and operational disruptions. The attack targets users globally who receive security alerts, password resets, and two-factor authentication codes from Microsoft. The full scope and number of affected users remain unclear.

**Technical Details**

Attackers abuse the internal Microsoft email account [email protected], used for legitimate notifications, to send phishing and spam emails containing malicious links. The exploit involves registering new Microsoft accounts as if they were new customers to trigger these emails with arbitrary content while preserving legitimate sender credentials. The emails pass SPF, DKIM, and DMARC checks since they originate from Microsoft's infrastructure, bypassing traditional email security filters. No specific CVEs or malware have been disclosed, and the exact technical mechanism remains undisclosed.

**Recommended Response**

Enterprises should implement additional verification steps for emails claiming to be from Microsoft, such as out-of-band confirmation of account alerts and stricter controls on password reset processes. Security teams should monitor for suspicious activity involving the [email protected] address and educate users to verify unexpected emails through separate channels. Microsoft has not provided a patch or mitigation timeline; therefore, defenders must rely on enhanced user awareness and layered verification until a fix is released.
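Because the abusive messages pass SPF, DKIM and DMARC, authentication results alone cannot separate them from genuine notifications; the distinguishing signal is the content, in particular links that point outside Microsoft's own domains. The following triage script is an added example written for this page, not code from Microsoft, Spamhaus or any of the cited articles. It assumes a placeholder address for the abused notification sender (the page redacts the real one), a small allowlist of link hosts a genuine Microsoft account notification would use, and two constructed sample messages, and flags only messages that come from the monitored sender, are fully authenticated, and still carry links to untrusted hosts, which is exactly the combination the page describes.

```python
import re
from email import message_from_string
from email.message import Message
from email.utils import parseaddr
from urllib.parse import urlparse

# Placeholder for the abused Microsoft notification sender; the page redacts the real address.
MONITORED_SENDER = "notifications@microsoft-notification-placeholder.invalid"

# Assumed allowlist: hosts a genuine Microsoft account notification would be expected to link to.
TRUSTED_LINK_SUFFIXES = ("microsoft.com", "microsoftonline.com", "live.com", "office.com")

URL_RE = re.compile(r'https?://[^\s<>"\']+')


def auth_results(msg: Message) -> dict:
    """Reduce Authentication-Results headers to {'spf': ..., 'dkim': ..., 'dmarc': ...}."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", header, re.IGNORECASE):
            results[m.group(1).lower()] = m.group(2).lower()
    return results


def extract_links(msg: Message) -> list:
    """Collect every http(s) URL from the text parts of the message."""
    links = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            payload = part.get_payload(decode=True)
            if payload:
                links.extend(URL_RE.findall(payload.decode("utf-8", "replace")))
    return links


def host_is_trusted(url: str) -> bool:
    host = (urlparse(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in TRUSTED_LINK_SUFFIXES)


def triage(raw: str) -> dict:
    """Flag an authenticated message from the monitored sender that links to untrusted hosts."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    auth = auth_results(msg)
    authenticated = all(auth.get(k) == "pass" for k in ("spf", "dkim", "dmarc"))
    untrusted = [u for u in extract_links(msg) if not host_is_trusted(u)]
    from_monitored = sender == MONITORED_SENDER
    return {
        "from_monitored_sender": from_monitored,
        "authenticated": authenticated,
        "untrusted_links": untrusted,
        # Authentication passing is expected here, so it must not clear the message on its own.
        "flag": from_monitored and authenticated and bool(untrusted),
    }


# Constructed sample: fully authenticated, but the "review" link leaves Microsoft's domains.
SAMPLE_PHISH = """\
From: Microsoft account team <notifications@microsoft-notification-placeholder.invalid>
To: user@example.com
Subject: Verify your account
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=microsoft-notification-placeholder.invalid; dkim=pass header.d=microsoft-notification-placeholder.invalid; dmarc=pass header.from=microsoft-notification-placeholder.invalid
Content-Type: text/plain; charset=utf-8

Your account was accessed from a new device. Review activity: https://login-review.example.net/verify
"""

# Constructed sample: same sender and authentication, but the link stays on an allowlisted host.
SAMPLE_LEGIT = """\
From: Microsoft account team <notifications@microsoft-notification-placeholder.invalid>
To: user@example.com
Subject: Security code
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=microsoft-notification-placeholder.invalid; dkim=pass header.d=microsoft-notification-placeholder.invalid; dmarc=pass header.from=microsoft-notification-placeholder.invalid
Content-Type: text/plain; charset=utf-8

Your security code is 123456. Manage your settings: https://account.microsoft.com/security
"""

if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, triage(raw))
```

The allowlist is deliberately short; in production it would come from the organisation's own record of which hosts Microsoft notifications actually link to, and a flagged message would be routed to the out-of-band confirmation step the page recommends rather than silently dropped, since the sender really is Microsoft's infrastructure.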
Source articles (4)
- Scammers are using an internal Microsoft account to distribute spam — Zamin.Uz · 2026-05-21
  For several months, scammers have been exploiting a vulnerability in an internal Microsoft email address intended for sending official notifications. Criminals have been able to register Microsoft acc…
- Namecheap's Email Hacked To Send MetaMask, DHL Phishing Emails — www.bleepingcomputer.com · 2026-05-21
  Domain registrar Namecheap had their email account breached Sunday night, causing a flood of MetaMask and DHL phishing emails that attempted to steal recipients' personal information and cryptocurrenc…
- Scammers are abusing an internal Microsoft account to send spam links — Techcrunch · 2026-05-21
  For months, scammers have been taking advantage of a loophole that allows them to send spammy emails from an internal Microsoft email address typically used for sending legitimate account alerts. It's…
- Scammers are abusing an internal Microsoft account to send spam links — Techbuzz.Ai · 2026-05-21
  Scammers have found a way to weaponize Microsoft's own infrastructure against its users. A newly discovered loophole allows bad actors to send phishing emails from a legitimate Microsoft email address…
Timeline
- 2026-05-21 — Scammers exploit Microsoft email account: Scammers have been sending phishing emails from [email protected], tricking users into believing they are legitimate.
- 2026-05-21 — Spamhaus Project confirms ongoing abuse: The Spamhaus Project reported that the abuse of Microsoft's email address has been happening for several months and notified Microsoft of the risk.
- 2026-05-21 — Microsoft acknowledges inquiry: Microsoft confirmed receipt of inquiries regarding the issue but has not provided details on how they will address the vulnerability.
Related entities
- Phishing (Attack Type)
- Betterment (Company)
- Microsoft (Company)
- Namecheap (Company)
- Azure (Company)
- CWE-200 - Exposure of Sensitive Information (Cwe)
- CWE-798 - Use of Hard-coded Credentials (Cwe)
- microsoftonline.com (Domain)
- [email protected] (Email)
- T1566.002 - Spearphishing Link (Mitre Attack)
- Exchange Server (Platform)
- Microsoft 365 (Platform)
- SendGrid (Tool)
- Twilio SendGrid (Tool)