Scammers are abusing an internal Microsoft account to send spam links

For months, scammers have been taking advantage of a loophole that allows them to send spammy emails from an internal Microsoft email address typically used for sending legitimate account alerts.

It’s not clear how the scammers are abusing the system, but they have been able to set up new Microsoft accounts as if they are new customers and use that access to send out emails purportedly from the tech giant, potentially tricking people into thinking these emails are genuine.