Date: 2024-11-20

A new scam targeting Microsoft users exploits a vulnerability in the Microsoft 365 Admin Portal, allowing hackers to send emails that appear to come from a legitimate Microsoft.com address.

These emails bypass spam filters and directly reach primary inboxes, using fear and urgency to extort payments, usually in Bitcoin. Claiming to have compromising images or videos of the recipient, the emails threaten to share the media publicly unless a ransom is paid. This tactic, known as “sextortion,” preys on emotions to coerce victims.

Hackers manipulate Microsoft’s Message Center “share” feature, a tool for legitimate service notifications, to make their emails seem authentic. Some messages even include personal details, like birthdays, to appear credible. However, this information is often scraped from public data and does not verify the scammer’s claims.

How to Spot the Fakes

Spotting this scam requires vigilance. Microsoft will never request payment in cryptocurrency or use threats to resolve issues. Legitimate security breaches are handled transparently, without coercion. If the email demands Bitcoin or makes sensational claims, it’s a clear red flag.
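As an added example (not from Microsoft or the original article), the content checks above can be written as a mail triage rule: because the scam arrives from a genuine microsoft.com address, the sender counts as no evidence of safety, and the Bitcoin demand and coercive wording decide the verdict. The keyword list, verdict names, and sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Bitcoin address shapes: Base58 (1.../3...) and bech32 (bc1...).
BTC_ADDR = re.compile(r"\b(?:bc1[ac-hj-np-z02-9]{11,71}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b")
BTC_WORD = re.compile(r"\b(?:bitcoin|btc)\b", re.I)
# Coercion wording (constructed starter list, an assumption; tune on your own mail).
THREAT = re.compile(r"\b(?:compromising|webcam|recorded you|your contacts|unless you pay)\b", re.I)

def body_text(msg):
    """Join every text/* part so HTML-only and multipart mail is also scanned."""
    out = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            out.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(out)

def triage(raw_message):
    """Return (verdict, reasons); verdict names are hypothetical."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    text = body_text(msg)
    reasons = [name for name, rx in (("bitcoin-address", BTC_ADDR),
                                     ("bitcoin-mention", BTC_WORD),
                                     ("coercion-language", THREAT)) if rx.search(text)]
    # A genuine microsoft.com sender proves nothing here: the scam abuses one.
    if sender.endswith("@microsoft.com") and reasons:
        return "quarantine", reasons
    return ("review" if len(reasons) >= 2 else "deliver"), reasons

# Constructed sample messages; addresses and wording are placeholders.
SCAM = ("From: Microsoft <placeholder@microsoft.com>\nSubject: Notice\n\n"
        "I recorded you on your webcam. Send 1500 USD in Bitcoin to 1"
        + "A" * 30 + " or the video is shared.")
LEGIT = ("From: Microsoft <placeholder@microsoft.com>\nSubject: Service update\n\n"
         "A planned service update for your tenant starts next week.")
OTHER = "From: x@example.org\nSubject: hi\n\nPay in BTC or your contacts get the webcam video."

if __name__ == "__main__":
    for name, sample in (("scam", SCAM), ("legit", LEGIT), ("other", OTHER)):
        print(name, triage(sample))
```

The legitimate service notice from the same sender is still delivered, so the rule does not block ordinary Message Center mail.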

What to Do

If you receive such an email, do not respond or pay. Report the message to Microsoft through official channels and mark it as spam. Avoid engaging with the sender, as this can escalate the situation.

Microsoft is actively investigating this scam, but staying informed and cautious is your best defense. Remember, a legitimate email will not demand Bitcoin or threaten you. Share this information to help others recognize and avoid these scams.