
Microsoft Account Spam: Scammers Exploit Internal Email System

Scammers are exploiting a Microsoft internal email system, typically used for alerts, to send spam and phishing links. The abuse has been ongoing for months, with reports from Microsoft users and anti-spam organizations.

Joshua Ramos
Joshua Ramos covers cybersecurity for Techawave.

For months, malicious actors have been exploiting a vulnerability within Microsoft's internal systems, enabling them to send unsolicited and potentially harmful emails from an official Microsoft account. This account, usually reserved for legitimate security notifications, is now being leveraged by scammers to distribute spam links, with the messages mimicking those sent by the tech giant to deceive recipients.

The exact method by which scammers are gaining access and initiating these spam campaigns remains unclear. However, reports indicate they are able to establish new Microsoft accounts, presenting themselves as new customers. This access then allows them to dispatch emails that appear to originate from Microsoft, aiming to trick users into interacting with malicious websites or revealing sensitive information. As of early May 2026, Microsoft has not publicly detailed its efforts to curb this ongoing abuse.

In recent weeks, individuals, including this reporter, have received multiple emails with similar structures and subject lines originating from the address msonlineservicesteam@microsoftonline.com. This address is a legitimate Microsoft service used for critical communications such as two-factor authentication codes and account security alerts. Some of the fraudulent emails mimicked official transaction alerts, while others directed users to click links claiming to contain private messages.

The Spamhaus Project, a nonprofit organization dedicated to combating spam, confirmed the abuse on social media this week. The organization stated that the activity had been observed for "several months" and noted that automated notification systems should not permit a degree of customization high enough to allow abuse. Spamhaus has reportedly informed Microsoft of the issue.

Security Concerns Amidst Broader Exploitation Trends

A Microsoft spokesperson acknowledged an inquiry from TechCrunch earlier this week but has not yet provided a statement on the company's response or confirmed whether the exploitation of the Microsoft account notification system has been halted. This incident is part of a growing trend in which threat actors abuse legitimate company platforms to compromise customer trust and facilitate scams. For instance, earlier in 2026, hackers infiltrated a platform used by the fintech firm Betterment. They subsequently sent out fraudulent notifications promising inflated returns on cryptocurrency deposits, a common tactic to steal digital assets.

In 2023, a similar incident saw hackers gain access to an email account managed by Namecheap, using it to distribute phishing emails designed to steal user credentials. The ongoing exploitation of Microsoft's systems highlights a significant cybersecurity challenge for major tech companies, as attackers continuously seek new avenues to exploit trusted communication channels. Spam and phishing attempts continue to pose a significant threat to internet users worldwide, underscoring the need for robust security measures and rapid incident response from service providers.

Further discussions on social media reveal that users are reporting similar abuse of email addresses from other companies, suggesting that the vulnerability may not be isolated to Microsoft. This raises concerns about the security of automated notification systems across the digital landscape and the potential for widespread deception.
