A new Microsoft 365 phishing scam tricks users into calling fake support numbers by exploiting Microsoft’s legitimate email infrastructure. Attackers create fake Microsoft 365 tenants that trigger genuine Microsoft emails containing fake warning messages and phone numbers. Since these emails are sent from Microsoft’s systems, they easily bypass traditional security checks and appear authentic. Victims who call the provided number risk sharing sensitive information or installing malicious software. To stay protected, users should verify suspicious emails directly on Microsoft’s official website, be cautious of unexpected ".onmicrosoft.com" domains, and implement multi-factor authentication (MFA) for added security. Continue here.
