Why are scammers abusing a Microsoft account to send spam links?
A report that scammers are abusing an internal Microsoft account to send spam links is getting attention because it exposes a clever weakness in how we judge whether email is trustworthy.
Most spam filters — and most people — lean heavily on who a message comes from. An email from a random, sketchy domain gets flagged or ignored. But a message that genuinely originates from a trusted, well-known company's systems sails through, because both the software and the recipient assume it's safe. That trust is exactly what attackers try to hijack.
Why this technique works:
- Borrowed reputation. If spam is sent through a legitimate Microsoft service or account, the message inherits Microsoft's credibility. Filters that whitelist or trust that source are far less likely to block it.
- Real infrastructure. Because the email travels through genuine Microsoft systems, the automated checks that confirm a message really came from the domain it claims may pass, leaving fewer red flags for a filter to act on.
- Human trust. Recipients see a recognizable, reputable name and let their guard down — the core of almost every successful scam.
Attackers are often not breaking down the front door so much as finding a side feature — a notification system, a sharing tool, or an automated message function — that can be made to send content to outsiders. When that content includes a malicious or spammy link, the trusted wrapper does the heavy lifting.
The broader lesson for everyday users: a trusted sender name is not a guarantee of safety. That caution applies to any message that urges you to click a link, especially one that is unexpected or creates urgency. Hover to inspect where a link actually goes, be skeptical of unsolicited prompts, and when in doubt, navigate to a service directly rather than through an emailed link.
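The two points above, that sender authentication can pass for a message sent through genuine infrastructure and that the link destination is what actually matters, can be turned into a filter rule. The following is an added example, not code from the report or from Microsoft: it records whether a message authenticates from an allow-listed domain, but lets the links decide the verdict. The trusted-domain list, the simplified anchor regex and the sample message are all assumptions constructed for the demo.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the receiving organisation's allow-list of trusted sender domains.
TRUSTED_SENDERS = {"microsoft.com"}

# Simplified anchor extraction for the demo: (href, visible text) pairs.
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def base_domain(value):
    """Last two labels of a URL's host or a mailbox's domain (enough for this demo)."""
    host = urlparse(value).hostname if "://" in value else value.rsplit("@", 1)[-1]
    return ".".join((host or "").lower().split(".")[-2:])

def authenticated(msg):
    """True when the receiving MTA recorded spf, dkim and dmarc all passing."""
    results = msg.get("Authentication-Results", "").lower()
    return all(f"{mech}=pass" in results for mech in ("spf", "dkim", "dmarc"))

def assess(raw_message):
    """Score one message: sender trust is recorded, but the links decide the verdict."""
    msg = message_from_string(raw_message)
    sender = base_domain(parseaddr(msg.get("From", ""))[1])
    findings = []
    for href, text in ANCHOR_RE.findall(msg.get_payload()):
        target, shown = base_domain(href), text.strip()
        if target != sender:  # the link leaves the sender's own domain
            findings.append(f"off-domain link to {target}")
        if shown.startswith("http") and base_domain(shown) != target:  # shown vs real
            findings.append(f"link text shows {base_domain(shown)} but goes to {target}")
    trusted = sender in TRUSTED_SENDERS and authenticated(msg)
    # A trusted, fully authenticated sender does not exempt the content from review.
    verdict = "review" if findings else "deliver"
    return {"sender": sender, "trusted": trusted, "findings": findings, "verdict": verdict}

# Constructed sample: a genuine-looking notification whose link points elsewhere.
SAMPLE_MAIL = """\
From: Microsoft Notifications <noreply@microsoft.com>
Authentication-Results: mx.corp.example; spf=pass; dkim=pass; dmarc=pass
Content-Type: text/html

<p>Someone shared a document with you.</p>
<a href="https://login.spam-link.example/verify">https://account.microsoft.com/security</a>
"""

if __name__ == "__main__":
    print(assess(SAMPLE_MAIL))
```

For the sample, `trusted` is True yet the verdict is "review", because both the off-domain destination and the mismatch between the shown and real link are flagged.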
For large platforms, stories like this are a reminder that every feature capable of sending messages to the outside world is a potential abuse vector. Closing these gaps is an ongoing game of whack-a-mole — attackers probe for any trusted channel they can borrow, and providers patch them as they're discovered.