New, by me: Scammers are abusing a legitimate internal Microsoft account, used for sending critical account alerts and MFA codes to users logging in, to send spam and scam emails.
We first saw a flood of these emails last week, but anti-spam project Spamhaus says this has been going on for months.
The loophole allows spammers and scammers to send emails from a legitimate Microsoft email address typically used for sending genuine account alerts.
