Scammers are abusing an internal Microsoft account to send spam links

Posted by spike021 19 hours ago

Scammers are abusing an internal Microsoft account to send spam links(techcrunch.com)

239 points | 135 commentspage 2

wnevets 18 hours ago|

Is something similar happening with paypal? I've been getting seemly emails from the PayPal domain that are obviously a scam.

redwall_hp 17 hours ago||

The ones I've seen from PayPal are basically from sending a large request for money to you, then in the freeform text field for the reason, putting fake "if you believe this is a scam, call [actually a scam number]" text.

casty 15 hours ago||

I can confirm. Interestingly they actually put a random USDC transaction number from Coinbase which was very close (close enough that I thought it was accurate) of a transaction I actually did on Coinbase at one point. I was so confused so I ended up calling the number but immediately realized once they picked up what was going on. Essentially they got really lucky that my actual transaction amount was close enough to seem plausible.

This is a failure on PayPal’s email template that the freeform text field appears just as legit as other items. The text label was something like “Message from Sender”.

duskwuff 15 hours ago||

> This is a failure on PayPal’s email template that the freeform text field appears just as legit as other items.

This is a somewhat common pattern in scams - abusing freeform text fields in emails or other messages to give the impression that a message is coming from a source that didn't intend to send it.

Another variant I've seen is malicious URLs linking to search engines which display the user's search terms, e.g. a link to a Microsoft site search with a prefilled search of "YOU HAVE A VIRUS, CALL MICROSOFT SUPPORT 555-1212".

diego_sandoval 14 hours ago||

PayPal itself is a scam.

kro 6 hours ago||

I've been receiving loads of spam from google MX servers lately until blocking all mails with X-Google-Group-Id headers. I don't know how it's possible, the contents were 100% spammer controlled, no Google template

zer0tonin 10 hours ago||

I got one of those random 2auth codes email and I assumed my password had been compromised. At least it's some kind of relief to know that it's only a compromised Microsoft email address...

okandship 11 hours ago||

big vendors asking users to inspect domains while spreading mail across unclear domains is part of the problem. publishing a signed, boring source of truth for official sending domains would help defenders a lot.

nippoo 16 hours ago||

I mean, it happened to the FBI... https://krebsonsecurity.com/2021/11/hoax-email-blast-abused-...

razakel 11 hours ago|

>The FBI is aware of a software misconfiguration

That's not a misconfiguration, that's incompetence.

How do these people get hired?

lachiflippi 8 hours ago||

That's actually really easy:

1. be government agency

2. pay 30-70% less than private sector companies would for a similar position

3. receive applicants that are 30-70% less competent

Bonus:

- have 30+ year old systems nobody understands anymore because the team behind them has been dead/retired for a decade

- have hiring process handled entirely by out of touch suits

- have a revolving door of motivated soon-to-be burnouts mopping up the mess behind the aforementioned regular employees

MichaelZuo 18 hours ago||

How does it work when a genuine microsoft domain is spending out spam?

Do other email providers penalize that specific domain only, or all microsoft domains to a tiny degree?

lelandbatey 18 hours ago||

The domain is Microsoftonline.com

Typically it's a mis-placed feature. Something like "send an email alert when a thing happens" and they let you control what goes in the message body as well as who the message should be sent towards. Sounds reasonable on the surface, but without guardrails it lets folks send arbitrary emails from your domain.

privacyfish 17 hours ago|||

[flagged]

huflungdung 18 hours ago||

[dead]

ChrisArchitect 16 hours ago||

https://abnormal.ai/blog/system-notification-abuse-microsoft...

avazhi 12 hours ago||

Pretty apropos and quite ironically encapsulates what Microsoft has turned into over the past few years in particular.

Imagine this is some truly errant copilot instance truly embracing its slop destiny.

lol

zbengrac2 11 hours ago||

shocking..

More comments...