Subj : Microsoft slammed for sending out hack email warnings that look a
To : All
From : TechnologyDaily
Date : Thu Jul 11 2024 15:00:06

Microsoft slammed for sending out hack email warnings that look an awful lot like spam and phishing attacks

Date: Thu, 11 Jul 2024 13:57:21 +0000

Description: Microsoft was warning people of a recent breach, but the notifications resembled a typical phishing email.

FULL STORY
======================================================================

Microsoft has recently been sending out email notifications warning some customers of a data breach that might have impacted their personal information. However, the way the company did it drew heavy criticism, with some people saying Microsoft's emails looked like spam at best - and phishing at worst.

Cybersecurity researcher (and former Microsoft employee) Kevin Beaumont took to LinkedIn recently to explain to his followers that they're not being targeted with phishing, and that it was just Microsoft communicating poorly:

"Microsoft had a breach by Russia impacting customer data and didn't follow the Microsoft 365 customer data breach process. The notifications aren't in the portal, they emailed tenant admins instead," Beaumont said. "The emails can go into spam and tenant admin accounts are supposed to be secure breakglass accounts without email. They also haven't informed orgs via account managers. You want to check all emails going back to June. It is widespread."

Scanning the url

One of the key issues, TechCrunch noted, is that Microsoft added a secure link to the email - which leads to a domain seemingly unrelated to Microsoft: purviewcustomer.powerappsportals.com.

"Basically, the critical alert looks like a phishing attack," one of the recipients said on X. Many of the people receiving this email thought the same, TechCrunch further suggests, since the link got submitted to urlscan.io more than a hundred times. URL Scan is a service that can tell if a website is malicious or not.

What's more, Microsoft's support portal has a few posts where customers were looking for clarification on whether the emails they're getting are legitimate or not.

"This email has several red flags for me, the request for the TenantID and essentially admin or high level email addresses, the powerapps page being barebones, and some quick Googling not finding anything related to the title of this email or its [sic] contents," one person wrote. "Can anyone confirm this is a legit Microsoft email request?"

======================================================================
Link to news story:
https://www.techradar.com/pro/security/microsoft-slammed-for-sending-out-hack-email-warnings-that-look-an-awful-lot-like-spam-and-phishing-attacks

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)