Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Microsoft slammed for sending out hack email warnings that look an awful lot like spam and phishing attacks

A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system.

Microsoft has recently been sending out email notifications warning some customers of a data breach that might have impacted their personal information. However, the way the company did it drew heavy criticism, with some people saying Microsoft’s emails looked like spam at best - and phishing at worst.

Cybersecurity researcher (and former Microsoft employee) Kevin Beaumont took to LinkedIn recently to explain to his followers that they’re not being targeted with phishing, and that it was just Microsoft communicating poorly:

“Microsoft had a breach by Russia impacting customer data and didn’t follow the Microsoft 365 customer data breach process. The notifications aren’t in the portal, they emailed tenant admins instead.” Beaumont said. “The emails can go into spam — and tenant admin accounts are supposed to be secure breakglass accounts without email. They also haven’t informed orgs via account managers. You want to check all emails going back to June. It is widespread.”

Scanning the url

One of the key issues, TechCrunch noted, is that Microsoft added a “secure link” to the email - which leads to a domain seemingly unrelated to Microsoft: “purviewcustomer.powerappsportals.com.” 

“Basically, the critical alert looks like a phishing attack,” one of the recipients said on X.

Many of the people receiving this email thought the same, TechCrunch further suggests, since the link got submitted to urlscan.io “more than a hundred times.” URL Scan is a service that can tell if a website is malicious or not. 

What’s more, Microsoft’s support portal has a few posts where customers were looking for clarification if the emails they’re getting are legitimate or not. 

“This email has several red flags for me, the request for the TenantID and essentially admin or high level email addresses, the powerapps page being barebones, and some quick Googling not finding anything related to the title of this email or it’s [sic] contents,” one person wrote. “Can anyone confirm this is a legit Microsoft email request?”

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.