tech 24 May 2026

Scammers Exploit an Internal Microsoft Account to Send Spam Links

Scammers are leveraging a loophole in Microsoft's system to send fraudulent emails from a legitimate internal address. Find out how this happens and what Microsoft is doing to address it.

Introduction

In a world where digital security is more crucial than ever, even a company the size of Microsoft is not immune to abuse of its own services. Recently, scammers have exploited an internal Microsoft account, using it to send fraudulent emails from an address that recipients consider legitimate. The case raises questions about how robust large companies' controls are, not only against break-ins but against misuse of features that behave exactly as designed.

How the Scam Works

Scammers have managed to send emails from the address [email protected], which Microsoft uses for important notifications such as two-factor authentication codes. The messages closely resemble official alerts, so recipients are likely to mistake them for legitimate communications. Worse, because the messages are actually sent through Microsoft's own mail infrastructure rather than spoofed, sender authentication checks such as SPF, DKIM and DMARC pass, and the usual "is this really from Microsoft?" filtering does not catch them.

The trick lies in creating new Microsoft accounts, as if the scammers were ordinary new customers. That sign-up is enough to reach a notification feature that sends mail from the internal address with content the sender can partly control, and the scammers use that freedom to insert their own text and links. The issue has persisted for several months; Microsoft is aware of it, but a fix is still forthcoming.
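The defensive consequence of this, as an added example that is not part of the original article and not Microsoft's own tooling: since the mail genuinely leaves the vendor's servers, SPF, DKIM and DMARC all pass, so a filter has to judge the message content rather than the sender. The Python below parses a message, reads its Authentication-Results header, and flags mail from a trusted notification address whose links point outside the domains a genuine notification would use. The trusted sender, the expected link domains and the three sample messages are constructed assumptions for illustration, not values taken from the article.

```python
"""Flag authenticated mail from a trusted notification sender that carries
foreign links. Added example; sender, domains and samples are assumptions."""
import email
import email.utils
import re
from email import policy
from urllib.parse import urlparse

# Assumed (not from the article): the vendor's notification address that
# recipients trust, and the domains its genuine notifications link to.
TRUSTED_SENDERS = {"no-reply@notifications.example.com"}
EXPECTED_LINK_DOMAINS = {"example.com"}

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

VERDICT_OK = "ok"
VERDICT_SPOOFED = "spoofed-sender"            # claims the address, fails auth
VERDICT_ABUSED = "trusted-sender-foreign-links"  # passes auth, links elsewhere


def authentication_passed(msg) -> bool:
    """True when Authentication-Results reports spf, dkim and dmarc as pass."""
    results = msg.get("Authentication-Results", "").lower()
    return all(f"{mech}=pass" in results for mech in ("spf", "dkim", "dmarc"))


def link_hosts(text: str) -> set[str]:
    """Lower-cased hostnames of every http(s) URL found in the body text."""
    hosts = set()
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname
        if host:
            hosts.add(host.lower())
    return hosts


def is_expected(host: str) -> bool:
    """A host is expected if it is one of the vendor domains or a subdomain."""
    return any(host == d or host.endswith("." + d) for d in EXPECTED_LINK_DOMAINS)


def assess(raw: str) -> dict:
    """Classify one RFC 5322 message. Senders outside the trusted set are left
    to the normal spam filters and come back as VERDICT_OK here."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender = email.utils.parseaddr(msg.get("From", ""))[1].lower()
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part is not None else ""
    foreign = sorted(h for h in link_hosts(body) if not is_expected(h))
    auth_ok = authentication_passed(msg)

    if sender in TRUSTED_SENDERS and not auth_ok:
        verdict = VERDICT_SPOOFED
    elif sender in TRUSTED_SENDERS and foreign:
        verdict = VERDICT_ABUSED
    else:
        verdict = VERDICT_OK
    return {"sender": sender, "auth_passed": auth_ok,
            "foreign_links": foreign, "verdict": verdict}


def sample_message(auth_results: str, body: str) -> str:
    """Constructed sample message (not a real capture) in RFC 5322 form."""
    return (
        "From: Account Team <no-reply@notifications.example.com>\n"
        "To: user@victim.example\n"
        "Subject: Unusual sign-in activity\n"
        f"Authentication-Results: mx.victim.example; {auth_results}\n"
        "Content-Type: text/plain; charset=utf-8\n"
        "\n"
        f"{body}\n"
    )


AUTH_PASS = ("spf=pass smtp.mailfrom=notifications.example.com; "
             "dkim=pass header.d=example.com; dmarc=pass")
AUTH_FAIL = "spf=fail smtp.mailfrom=attacker.example.net; dkim=none; dmarc=fail"

# Genuine alert: authenticated, links back to the vendor.
GENUINE = sample_message(AUTH_PASS,
                         "Review the activity at https://account.example.com/activity")
# The case in the article: authenticated, but the body links elsewhere.
ABUSED = sample_message(AUTH_PASS,
                        "Your account is locked. Restore access now: "
                        "https://secure-login.example.net/restore")
# Classic spoof: same From address, fails authentication.
SPOOFED = sample_message(AUTH_FAIL,
                         "Restore access now: https://secure-login.example.net/restore")

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("abused", ABUSED), ("spoofed", SPOOFED)):
        print(name, assess(raw))
```

The point of the three samples is the middle one: it is indistinguishable from the genuine alert by every sender-level check, and only the destination of its link gives it away. In production the expected-domain list would come from the vendor's own notification templates, and the same logic extends to any SaaS notification address that lets account holders inject text.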

The Impact of Fraudulent Emails

Fraudulent emails sent from a legitimate Microsoft address can have a devastating impact. By mimicking fraud-alert notifications or promising private messages, they can lead users to phishing sites where personal data and credentials are stolen. According to a Symantec study, about 54% of the email users receive is spam, which gives a sense of the problem's scale.

Microsoft's Response

Microsoft has acknowledged the issue and says it is actively working to strengthen its detection and blocking systems. The task is not simple, though: the root cause is that an automated notification system allows a level of free-text customisation it should never have offered, and that customisation is precisely what the scammers exploit. Microsoft has also stated that it is investigating and removing accounts that violate its policies.

Implications for Business Security

This case highlights how crucial it is for companies to harden the services they expose to self-service sign-up, not only their perimeter. Even Microsoft can be caught out, which underscores the value of regular security audits and of revisiting security controls whenever a feature changes.

Companies should also educate their employees and customers about the signs of a fraudulent email, such as links that lead outside the sender's own domain or urgent instructions to "restore" an account. A message can pass every technical sender check and still be malicious, so awareness remains one of the most effective ways to reduce phishing risk.

Conclusion

The exploitation of an internal Microsoft account by scammers to send fraudulent emails is a wake-up call for all companies operating in the digital domain. System security must be a priority, and vigilance is required for all industry players.

Microsoft scam security phishing cybersecurity