A new scam targeting Microsoft users exploits a vulnerability in the Microsoft 365 Admin Portal, allowing hackers to send emails that appear to come from a legitimate Microsoft.com address.
These emails bypass spam filters and directly reach primary inboxes, using fear and urgency to extort payments, usually in Bitcoin. Claiming to have compromising images or videos of the recipient, the emails threaten to share the media publicly unless a ransom is paid. This tactic, known as “sextortion,” preys on emotions to coerce victims.
Hackers manipulate Microsoft’s Message Center “share” feature, a tool for legitimate service notifications, to make their emails seem authentic. Some messages even include personal details, like birthdays, to appear credible. However, this information is often scraped from public data and does not verify the scammer’s claims.
Spotting this scam requires vigilance. Microsoft will never request payment in cryptocurrency or use threats to resolve issues. Legitimate security breaches are handled transparently, without coercion. If the email demands Bitcoin or makes sensational claims, it’s a clear red flag.
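The red flags above can be checked mechanically. This is an added example, not part of the original article or any Microsoft tooling: because these messages arrive from a genuine microsoft.com sender, the check scores the message body and never lets the sender domain clear it. The sample messages, sender address, wallet string and keyword list are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Legacy Base58 (1.../3...) and Bech32 (bc1...) Bitcoin address shapes.
BTC_RE = re.compile(r"\b(?:bc1[ac-hj-np-z02-9]{11,71}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b")
# Payment-demand and threat wording; an assumed starter list, tune for your mail flow.
PRESSURE_RE = re.compile(
    r"bitcoin|\bbtc\b|ransom|\bpay\b|will be (?:shared|published)|within \d+ hours", re.I)

def assess(raw: str) -> dict:
    """Score one RFC 5322 message on content, independent of sender reputation."""
    msg = message_from_string(raw, policy=policy.default)
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    from_ms = domain == "microsoft.com" or domain.endswith(".microsoft.com")
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    reasons = []
    if BTC_RE.search(text):
        reasons.append("bitcoin-address")
    if len({m.lower() for m in PRESSURE_RE.findall(text)}) >= 2:
        reasons.append("payment-pressure")
    # A trusted sender domain must not cancel out extortion content.
    return {"from_microsoft": from_ms, "reasons": reasons, "flag": bool(reasons)}

# Constructed sample messages (sender address and wallet string are placeholders).
EXTORTION = (
    "From: Microsoft <sender@microsoft.com>\n"
    "Subject: Message Center notification\n"
    "Content-Type: text/plain; charset=utf-8\n\n"
    "We have a video of you. Pay 500 USD in Bitcoin to "
    "1FAKEaddrFAKEaddrFAKEaddrFAKEaddr1 within 48 hours or it will be shared.\n"
)
ROUTINE = (
    "From: Microsoft <sender@microsoft.com>\n"
    "Subject: Message Center notification\n"
    "Content-Type: text/plain; charset=utf-8\n\n"
    "Planned maintenance is scheduled for Friday. No action is required.\n"
)

if __name__ == "__main__":
    for name, raw in (("extortion", EXTORTION), ("routine", ROUTINE)):
        print(name, assess(raw))
```

Messages that come back with both `from_microsoft` and `flag` set are the ones a sender-based allow rule would have delivered to the inbox.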
If you receive such an email, do not respond or pay. Report the message to Microsoft through official channels and mark it as spam. Avoid engaging with the sender, as this can escalate the situation.
Microsoft is actively investigating this scam, but staying informed and cautious is your best defense. Remember, a legitimate email will not demand Bitcoin or threaten you. Share this information to help others recognize and avoid these scams.