Overview
- Multiple outlets reported on Thursday, May 21, 2026, that scam emails were delivered from msonlineservicesteam@microsoftonline.com, an address Microsoft uses for account alerts.
- Researchers at Abnormal described a method in which attackers create disposable Microsoft 365 tenants and change the Tenant Branding 'Name' field in Entra ID to inject fraudulent text into system verification emails.
- Because the messages originate from a trusted Microsoft address and often contain no malicious links or attachments, they can evade spam filters and convince recipients the alerts are real.
- The Spamhaus Project says it has observed this abuse for several months and has notified Microsoft. Microsoft has acknowledged inquiries but has not publicly confirmed a remediation.
- Security coverage points to a wider trend of attackers abusing legitimate corporate messaging systems. It advises users to scrutinize unexpected notifications and vendors to restrict customization in automated alerts.
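
The vendor-side advice above (restrict customization in automated alerts) can be sketched as a validator that a service runs on a tenant-supplied organization name before embedding it in a system email. This is an added example, not Microsoft's validation logic; the function name, the length cap and every rule are assumptions, and the sample values are constructed.

```python
import re
import unicodedata

MAX_LEN = 64  # assumed cap; a real service would choose its own limit

# Assumed heuristics for text that does not belong in an organization name.
RULES = [
    ("url_or_domain", re.compile(
        r"https?://|www\.|\b[a-z0-9-]+\.(?:com|net|org|io|info)\b", re.I)),
    ("phone_number", re.compile(r"(?:\+?\d[\s().-]*){7,}")),
    ("currency_amount", re.compile(
        r"[$€£]\s?\d|\b\d+(?:[.,]\d{2})?\s?(?:usd|eur|gbp)\b", re.I)),
    ("call_to_action", re.compile(
        r"\b(?:call|contact|refund|invoice|payment|charged|order|renew\w*|cancel\w*)\b",
        re.I)),
]

def check_display_name(name):
    """Return the reasons a tenant-supplied name is unsafe to embed in a
    system notification; an empty list means the value passed every rule."""
    reasons = []
    # Fold compatibility characters (full-width digits etc.) before matching.
    text = unicodedata.normalize("NFKC", name)
    # Newlines and zero-width characters can reshape the rendered message.
    if any(unicodedata.category(ch) in ("Cc", "Cf") for ch in text):
        reasons.append("control_or_format_char")
    text = " ".join(text.split())
    if len(text) > MAX_LEN:
        reasons.append("too_long")
    for label, pattern in RULES:
        if pattern.search(text):
            reasons.append(label)
    return reasons

# Constructed sample values, not taken from any real message.
SAMPLES = [
    "Contoso Ltd",
    "Your order of $499.99 was charged. Call +1 (555) 010-0199 to cancel",
    "Contoso\nSecurity alert",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", check_display_name(sample) or "ok")
```

A service applying a check like this would reject the branding change at write time, so the fraudulent text never reaches the notification template.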