Home Microsoft email users warned of new, convincing phishing email scam

Microsoft email users warned of new, convincing phishing email scam

tl;dr

  • Phishing scam exploits a bug to mimic Microsoft corporate emails, warns expert Vsevolod Kokorin.
  • Emails appear to come from @microsoft.com, making them look credible and tricking users into clicking links.
  • Microsoft initially couldn't reproduce the bug but has since acknowledged the issue and reopened the report.

A security expert has issued a warning to Microsoft email users about a surprisingly convincing phishing scam.

According to Vsevolod Kokorin, whose online handle is Slonser, there is a bug that allows cybercriminals to make phishing scams look a lot more credible. This could mean victims may click on malicious links without realizing they’re part of a scam.

Specifically, bad actors are able to mimic Microsoft corporate accounts – those ending in @microsoft.com – making it seem as though they are emailing from a credible source. For example, an email could appear to be sent from [email protected], as highlighted in Slonser’s original post.

While the copy in the email is clearly not from Microsoft, the email address itself looks impressively realistic. This is a common tactic in phishing scams, enticing victims to click on links under the guide of a legitimate request but actually directing people to a malicious website.

This could then lead to people handing over sensitive information, paying money to an unknown person, or downloading malware onto a device without them realizing.

How has Microsoft responded?

Slonser has reported the bug to Microsoft but the company initially said that it was unable to reproduce his original exploit. In a follow-up post to X, he went on to note that the tech company had acknowledged the issue.

What’s more, speaking to the website TechCrunch on Wednesday, Mr. Kokorin said: “Microsoft just said they couldn’t reproduce it without providing any details. Microsoft might have noticed my tweet because a few hours ago they reopen [sic] one of my reports that I had submitted several months ago.”

The bug only appears to work when sending emails directly to Outlook accounts, so Microsoft email users in particular should be on the lookout, of which there are around 400 million in the world.

Even still, phishing scams can strike anyone with any email account, being deemed one of the top tech threats earlier this year. Look out for any emails that attempt to make you take action urgently. When in doubt, contact the company directly rather than clicking through on links in emails.

Featured image: Pexels

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Rachael Davies
Tech Journalist

Rachael Davies has spent six years reporting on tech and entertainment, writing for publications like the Evening Standard, Huffington Post, Dazed, and more. From niche topics like the latest gaming mods to consumer-faced guides on the latest tech, she puts her MA in Convergent Journalism to work, following avenues guided by a variety of interests. As well as writing, she also has experience in editing as the UK Editor of The Mary Sue , as well as speaking on the important of SEO in journalism at the Student Press Association National Conference. You can find her full portfolio over on…

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.