Don’t get duped: Hackers use legitimate Microsoft email address to run sextortion email scam
As it turns out, scammers are sending sextortion emails from a legitimate Microsoft email address, one the company uses to inform users of updates and service advisories.

The Microsoft 365 Admin Portal is reportedly being used to send sextortion emails to users claiming that their smartphone, tablet or PC was hacked to capture images or videos of them performing sexual acts.
Sextortion email scams are old but more common than you might think, although most of these emails end up in spam. In the last few years, scammers have built on the original idea. In some cases, they pretend to have pictures or videos of your spouse cheating, or pictures of you in your home. As a quick recap, these scams first appeared around 2018 and raked in anywhere between $500 and $5000 from unsuspecting individuals.
However, a recent report by Bleeping Computer suggests that scammers are now using the Microsoft 365 Admin Portal to bypass spam filters and other security restrictions. It goes on to say that these emails come from “0365mc@microsoft.com”, which may look like a fake address at first sight but is the legitimate email used by the tech giant to send messages and notifications to users.

These emails appear to come from a legitimate Microsoft email address
For those not in the know, the Microsoft 365 Admin Portal has a feature called Message Center, which notifies users about features, updates and service advisories. Users can share these ‘service advisories’ with others and send a personal message of up to 1,000 characters.
As it turns out, threat actors have managed to somehow bypass this limit and are using this feature to send sextortion messages. The scammers also seem to have automated the entire process of sharing advisories with users, making it easier to send these messages without any restrictions.
In the image, you can see that the user received an email from Microsoft’s legitimate email address informing them of changes to email service notifications, below which the scammers add a personal message stating that they have images or videos of the user in compromising situations. The email also tells users that they have to send $2000 worth of Bitcoin to the wallet below.
If you get a similar email from Microsoft, it's most likely a scam, so make sure not to open any links or send money to unknown crypto wallets or bank accounts. In a statement to Bleeping Computer, Microsoft said that it is currently investigating the scam. The publication also claims that the tech giant is yet to close the loophole that allowed scammers to send such messages.
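Because these messages arrive from a genuine Microsoft sender, a mail filter cannot rely on sender reputation for this address and has to look at the content. The Python example below is added here and is not from the article, Bleeping Computer or Microsoft: it applies content checks only to mail from the sender printed above and flags a checksum-valid Bitcoin address or payment wording. The function names, the sample message and the sample wallet are constructed for illustration.

```python
import hashlib, re
from email import message_from_bytes, policy
from email.utils import parseaddr

TRUSTED_SENDER = "0365mc@microsoft.com"  # sender as printed in the article
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
CANDIDATE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")

def _checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload: bytes) -> str:
    """Only used to build the constructed sample wallet below."""
    raw = payload + _checksum(payload)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def is_btc_address(token: str) -> bool:
    """Base58Check test; rejects IDs that merely look like addresses."""
    n = 0
    for ch in token:
        n = n * 58 + B58.index(ch)
    if n >= 1 << 200:
        return False  # does not fit the 25-byte address layout
    raw = n.to_bytes(25, "big")
    return _checksum(raw[:21]) == raw[21:]

def triage(raw_msg: bytes) -> list:
    """Content checks for mail whose sender alone would be trusted."""
    msg = message_from_bytes(raw_msg, policy=policy.default)
    if parseaddr(str(msg["From"]))[1].lower() != TRUSTED_SENDER:
        return []  # other senders go through normal filtering
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    findings = []
    if any(is_btc_address(t) for t in CANDIDATE.findall(text)):
        findings.append("valid Bitcoin address")
    if re.search(r"\b(bitcoin|btc)\b", text, re.I):
        findings.append("payment demand wording")
    return findings

def sample_message(wallet: str) -> bytes:
    """Constructed sample: an advisory share with a demand appended."""
    return (f"From: Microsoft <{TRUSTED_SENDER}>\r\nSubject: Advisory\r\n\r\n"
            f"Service update.\r\nSend $2000 worth of Bitcoin to {wallet}\r\n").encode()
SAMPLE_WALLET = b58check_encode(b"\x00" + bytes(range(1, 21)))  # constructed
```

The checksum test keeps base58-looking identifiers in genuine advisories from being reported as wallets; bech32 (`bc1...`) addresses are not covered here.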