Microsoft slammed for sending out hack email warnings that look an awful lot like spam and phishing attacks

Microsoft was warning users of a recent breach

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Microsofthas recently been sending out email notifications warning some customers of a data breach that might have impacted their personal information. However, the way the company did it drew heavy criticism, with some people saying Microsoft’s emails looked like spam at best - andphishingat worst.

Cybersecurity researcher (and former Microsoft employee) Kevin Beaumont took to LinkedIn recently to explain to his followers that they’re not being targeted with phishing, and that it was just Microsoft communicating poorly:

“Microsoft had a breach by Russia impacting customer data and didn’t follow the Microsoft 365 customer data breach process. The notifications aren’t in the portal, they emailed tenant admins instead.” Beaumontsaid. “The emails can go into spam — and tenant admin accounts are supposed to be secure breakglass accounts without email. They also haven’t informed orgs via account managers. You want to check all emails going back to June. It is widespread.”

Scanning the url

One of the key issues,TechCrunchnoted, is that Microsoft added a “secure link” to the email - which leads to a domain seemingly unrelated to Microsoft: “purviewcustomer.powerappsportals.com.”

“Basically, the critical alert looks like a phishing attack,” one of the recipients said on X.

Many of the people receiving this email thought the same, TechCrunch further suggests, since the link got submitted to urlscan.io “more than a hundred times.” URL Scan is a service that can tell if a website is malicious or not.

What’s more, Microsoft’s support portal has a few posts where customers were looking for clarification if the emails they’re getting are legitimate or not.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“This email has several red flags for me, the request for the TenantID and essentially admin or high level email addresses, the powerapps page being barebones, and some quick Googling not finding anything related to the title of this email or it’s [sic] contents,” one person wrote. “Can anyone confirm this is a legit Microsoft email request?”

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

Your doctor may have an AI assistant taking notes during your next Zoom call