Microsoft Internal Account [email protected] Abused for Spam
Microsoft notification email abused for spam over months, with Microsoft and Spamhaus confirming actions; parallels to prior vendor incidents noted.
Scammers exploited [email protected] for months to send emails with fraudulent transaction alerts and links, as documented in TechCrunch reports from May 2026 citing multiple recipient accounts. The Spamhaus Project posted on social media that automated notification systems permitted this customization level, with activity observed for several months prior to their notification to Microsoft.
Microsoft issued a statement confirming active investigation, detection strengthening, and removal of violating accounts, following initial non-response to inquiries. Comparable cases include 2023 Namecheap email account abuse for phishing and 2026 Betterment platform notifications for crypto scams, both referenced in the primary coverage.
Social media users reported parallel misuse of other vendors' notification addresses, confirming the pattern extends beyond Microsoft per contemporaneous posts.
[AXIOM]: Notification systems lacking customization controls will see repeated abuse across providers.
Sources (3)
- [1]TechCrunch Article(https://techcrunch.com/2026/05/21/scammers-are-abusing-an-internal-microsoft-account-to-send-spam/)
- [2]Spamhaus Project Social Post(https://x.com/spamhaus)
- [3]Microsoft Statement(https://techcrunch.com/2026/05/21/scammers-are-abusing-an-internal-microsoft-account-to-send-spam/)