Don’t Respond to Sextortion Emails Claiming to Be from Microsoft

A significant number of Microsoft 365 users have reported receiving intimidating emails from the Message Center via the Microsoft 365 Admin Portal. These deceptive messages originate from scammers who claim to have infiltrated your computer, alleging they possess sensitive information from your device or browser. They threaten to share this compromising content with your family, friends, and colleagues unless a substantial payment is made.

If you find yourself facing such a scenario, it is crucial not to succumb to the blackmail. The perpetrator likely has no actual evidence against you, but it is important to inform Microsoft about the incident.

An illustration of this sextortion email was shared by a user on the Microsoft Answers forum.

As noted by Bleeping Computer, this situation is more alarming than standard phishing attacks because these emails are sent from a legitimate address that is part of the Microsoft 365 Message Center.

Understanding How the Sextortion Scam Operates

The scammers exploit a straightforward vulnerability. They access the Message Center through the Microsoft 365 Admin Portal and click the Share button on a selected message.

Next, they modify the content of the personal message, using browser developer tools to circumvent the 1,000-character limit imposed by the platform.

This tactic allows the scammer to combine their sinister message with official Microsoft communications, giving the illusion of legitimacy.

It appears that Microsoft does not enforce character length restrictions on personal messages shared via the Share button, thereby facilitating this malicious activity.
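A limit that can be lifted with browser developer tools is only being checked in the page, so the fix belongs on the server that receives the request. The following is an added illustration of that server-side check, not Microsoft's code; the `personalMessage` field name, the JSON request shape and the status codes are assumptions made for the example.

```javascript
// Added example: enforce the personal-message limit on the server.
// "personalMessage" and the handler shape are hypothetical names.
const MAX_MESSAGE_CHARS = 1000; // the limit the article says the UI imposes

// Count Unicode code points rather than UTF-16 units, so an emoji
// counts as one character instead of two.
function codePointLength(text) {
  return Array.from(text).length;
}

// Validate the raw body exactly as received. The form's maxlength
// attribute and any client-side script are not part of the request,
// so the server cannot assume they were applied.
function validateShareRequest(rawBody) {
  let parsed;
  try {
    parsed = JSON.parse(rawBody);
  } catch (err) {
    return { status: 400, error: "body is not valid JSON" };
  }
  if (parsed === null || typeof parsed !== "object") {
    return { status: 400, error: "body must be a JSON object" };
  }
  const message = parsed.personalMessage;
  if (typeof message !== "string") {
    return { status: 400, error: "personalMessage must be a string" };
  }
  const normalized = message.normalize("NFC").trim();
  const length = codePointLength(normalized);
  if (length > MAX_MESSAGE_CHARS) {
    // Reject rather than truncate, so oversized requests show up in logs.
    return {
      status: 422,
      error: `personalMessage is ${length} characters; limit is ${MAX_MESSAGE_CHARS}`,
    };
  }
  return { status: 200, message: normalized };
}

// Constructed sample requests: one a normal form would send, and one
// longer than the form would allow.
const withinLimit = JSON.stringify({ personalMessage: "FYI, see the update below." });
const oversized = JSON.stringify({ personalMessage: "x".repeat(1001) });
console.log(validateShareRequest(withinLimit).status);
console.log(validateShareRequest(oversized).status);
```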

Ultimately, if you’ve received one of these emails, you can be assured that the scammer holds no actual incriminating evidence against you, and it’s best not to engage with them.

Microsoft is actively pursuing a solution to address this vulnerability, but in the meantime, a temporary workaround is to block the email sender within your email client.
