Breaking 18:46 US Economy Regains Momentum in Early 2026 Amid Stronger Growth Data 18:32 United States-Morocco: Washington Prepares a Strategic Military Partnership Until 2036 18:28 World Cup 2026: The Moroccan Embassy in Mexico Issues Practical Guide for Atlas Lions Supporters 18:08 Apple raises global product prices amid rising AI chip costs 17:52 Meta explores prediction markets with new Arena platform 17:20 Royal Air Maroc launches special flights to Monterrey for Lions de l'Atlas supporters 16:38 Washington rejects fees on international waterways amid Strait of Hormuz debate 14:30 Rubio warns that proposed Strait of Hormuz transit fees could trigger global maritime disruption 13:01 Federal Reserve overhauls banking supervision structure to boost efficiency and transparency 12:21 Trump Pledges Immediate Aid to Venezuela After Devastating Earthquakes 12:00 Trump requests $87.6 billion from Congress to cover Iran conflict costs and military replenishment 11:30 Rubio strengthens Gulf diplomacy amid rising tensions over Iran and the Strait of Hormuz 10:45 Anthropic unveils Claude Tag, an AI teammate designed for Slack collaboration 10:27 OpenAI unveils Jalapeño, Its first AI chip to accelerate inference 10:18 Artificial intelligence challenges Google’s search dominance despite its continued leadership 07:46 Trump urges defense companies to accelerate weapons production and strengthen military stockpiles 07:33 World Cup 2026 breaks viewing and attendance records as global enthusiasm reaches new heights 07:15 Elon Musk Says Humanoid Robots Could Reduce the Importance of Money in the Future

Scammers send phishing emails from official Microsoft address

Friday 22 May 2026 - 08:31
By: Dakir Madiha
Scammers send phishing emails from official Microsoft address

Phishing operators have exploited a vulnerability in Microsoft’s email notification systems to send fraudulent messages from a legitimate internal address used for security alerts and authentication codes. The abuse involves the address msonlineservicesteam@microsoftonline.com, which normally delivers two-factor authentication codes and account notifications to hundreds of millions of users worldwide. The misuse gives attackers a powerful way to bypass user suspicion by appearing as trusted system communication.

The attack appears to rely on creating or compromising Microsoft accounts and leveraging them to trigger automated system emails that carry fraudulent content. In some cases, attackers replicate security alerts warning of unauthorized transactions. In others, messages direct users to external links embedded in the email body. Because the messages originate from a legitimate Microsoft-controlled infrastructure, they often pass basic authentication checks and appear authentic to recipients.

Security researchers have also documented related techniques involving Microsoft’s identity management system, where attackers manipulate tenant configuration fields to inject deceptive text into automated notifications. This method can alter subject lines and message content in system-generated emails, including fake purchase confirmations or cryptocurrency-related alerts. The result is a hybrid form of phishing where legitimate infrastructure is used to generate convincing fraudulent communications at scale.

A cybersecurity monitoring group has reported that the same Microsoft notification address has been abused for months to distribute spam and phishing messages. The group has flagged the issue to Microsoft and warned that such levels of customization in automated notification systems create structural risks for abuse. Microsoft has acknowledged inquiries but has not publicly detailed corrective measures. The incident reflects a broader trend in which attackers increasingly target trusted enterprise communication systems rather than relying on external spoofed domains. Users are advised to avoid clicking links in unexpected security emails and to verify account activity directly through official platforms.

Keywords:



Latest News États-Unis (United States)
  • Fajr
  • Sunrise
  • Dhuhr
  • Asr
  • Maghrib
  • Isha

Newsletter

Subscribe now to the Walaw website newsletter to receive all the latest updates

Email address

This website, walaw.press, uses cookies to provide you with a good browsing experience and to continuously improve our services. By continuing to browse this site, you agree to the use of these cookies.