A new wave of sextortion emails has emerged, and this time scammers are using the Microsoft 365 Admin Portal to bypass spam filters and trick users.
These emails claim that the recipient’s device has been hacked and that compromising images or videos have been captured. They’re being sent from a legitimate Microsoft email address, 0365mc@microsoft.com.
Excellent discovery and writeup by @LawrenceAbrams on actively abused Microsoft 365 Admin Portal feature scammers are using to send extortion scam emails.
The 1,000-character limit bypass is cherry on top ⚠️
Thanks @edkwan for the tip-off! #Office365 https://t.co/hEcBXzvZUc
— Ax Sharma (@Ax_Sharma) November 18, 2024
These scams aren’t new, but they have evolved: scammers now pretend to have evidence of infidelity or compromising situations and demand hefty payouts.
Between $500 and $5,000 has been extorted from unsuspecting victims since 2018. The latest tactic exploits Microsoft’s Message Center feature, which allows users to share service advisories with others and to include a personal message.
Scammers have automated the process, sending mass emails with threatening messages. The emails appear legitimate with official Microsoft notifications above the scammer’s message. The message demands $2,000 in Bitcoin to prevent the supposed compromising content from being released.
Microsoft said on their website that the company will never proactively reach out to you to provide unsolicited PC or technical support.
If you receive a phone call claiming to be from Microsoft or see a pop-up window on your PC with a fake warning message and a phone number to call and get your “issue” fixed, it’s better to be safe and not click any links or provide any personal information, the company added.
Many users have posted on X, LinkedIn and other social media platforms that they receive sextortion emails via the Microsoft 365 Message Center.
Don’t fall victim to the sophisticated Microsoft 365 email scam targeting BC law firms – verify before you click and implement robust cybersecurity measures to protect your practice. https://t.co/JZGCxuCYt1
— Leap Cloud Solutions® (@lcsnetworks) November 19, 2024