
Cybercriminals hacked Microsoft, used official email for sexual blackmail scam – Firstpost


Cybercriminals use the Microsoft 365 Admin Portal to send emails from legitimate Microsoft addresses, claiming that a potential target’s device can be hijacked to capture images or video. Victims are then forced to pay up to $2,000 in Bitcoin as ransom


An alarming new cybercrime trend has emerged in which hackers are using Microsoft’s own email systems to commit sexual extortion scams. Reports reveal that cybercriminals are using the Microsoft 365 Admin Portal to send emails from legitimate Microsoft addresses, making the scam appear trustworthy and bypassing spam filters and other security measures.

Sexual blackmail emails claim that the recipient’s smartphone, tablet or computer has been hacked to capture indecent images or videos. Victims are then forced to pay up to $2,000 in Bitcoin to prevent the alleged material from being published. This worrying tactic has reignited concerns about sextortion scams, which have evolved significantly since they emerged in 2018.

Legitimate Microsoft email used for fraudulent purposes

Hackers are reportedly taking advantage of a feature in the Message Center of the Microsoft 365 Admin Portal. Designed to send service updates and recommendations, this feature allows users to share notifications with others by adding a personalized message of up to 1,000 characters. Scammers have managed to get around this character limit by using legitimate email addresses to send fake messages.

The emails often start with a genuine Microsoft notification before the scammer adds a threatening message. Recipients are falsely informed that their activities are being recorded and are asked to pay a Bitcoin ransom to prevent this information from being revealed. Using a legitimate Microsoft email address makes the fraud harder to detect and more likely to evade security filters, which increases its potential reach.
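A mail-filter check for the pattern described above, as an added example that is not from the article or from Microsoft: it contrasts a policy that skips content checks for a trusted sender with one that always inspects the sender-supplied note. It assumes the gateway has already extracted that note from the notification; the field names, keyword list and sample messages are constructed for illustration.

```python
import re

NOTE_LIMIT = 1000  # personal-message limit stated in the article

# Common Bitcoin address shapes: legacy/P2SH base58 and bech32 ("bc1...").
BTC_ADDR = re.compile(
    r"\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{11,71})\b"
)
# Constructed keyword list for illustration; tune against real reports.
PRESSURE = re.compile(
    r"\b(bitcoin|btc|wallet|webcam|recorded|footage|publish)\b", re.I
)


def note_signals(note: str) -> list[str]:
    """Return reasons the sender-supplied note looks abusive."""
    reasons = []
    if len(note) > NOTE_LIMIT:
        reasons.append("note_exceeds_limit")
    if BTC_ADDR.search(note):
        reasons.append("bitcoin_address")
    if len(set(m.lower() for m in PRESSURE.findall(note))) >= 2:
        reasons.append("extortion_wording")
    return reasons


def naive_verdict(msg: dict) -> str:
    # Weak policy: a trusted, authenticated sender skips content checks.
    if msg["sender_trusted"]:
        return "deliver"
    return "quarantine" if note_signals(msg["note"]) else "deliver"


def content_verdict(msg: dict) -> str:
    # Corrected policy: the note is attacker-controlled even when the
    # envelope is genuine, so content checks always run.
    return "quarantine" if note_signals(msg["note"]) else "deliver"


# Constructed samples; the address is a made-up string, not a real wallet.
BENIGN = {"sender_trusted": True, "note": "FYI, this change affects our tenant."}
SCAM = {
    "sender_trusted": True,
    "note": "Your device was recorded. Send bitcoin to "
            "1QfakeQfakeQfakeQfakeQfakeQfake12 or we publish. " + "x" * 1000,
}
```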

Automation is a growing threat

To maximize their impact, scammers have automated the process of sharing recommendations through the Admin Portal. This automation allows them to send these threatening messages on a large scale without restriction. The combination of automation, legitimate email addresses, and official-looking notifications has created the perfect storm for cybercriminals to exploit unsuspecting users.

Victims are urged to be careful if they receive emails from Microsoft mentioning sexual blackmail threats. Experts recommend avoiding clicking on links, opening attachments, or transferring funds to unknown cryptocurrency wallets or bank accounts. Even if the email appears to be from a legitimate source, users must verify the message through official channels.

Microsoft investigates as threat persists

According to a statement given to BleepingComputer, Microsoft has acknowledged the issue and is currently investigating the fraud. However, the tech giant has yet to address the vulnerability that allows scammers to send these messages. The lack of immediate action has increased concerns, and cybersecurity experts have called for urgent measures to close this exploit.

While Microsoft is working on a solution, users are advised to be careful and report suspicious emails to their IT department or Microsoft’s support team. The ongoing fraud is a stark reminder of how cybercriminals are constantly adapting their tactics, even using trusted platforms to achieve their goals.