Microsoft slammed for sending out hack email warnings that look an awful lot like spam and phishing attacks

“Microsoft had a breach by Russia impacting customer data and didn’t follow the Microsoft 365 customer data breach process. The notifications aren’t in the portal, they emailed tenant admins instead.” Beaumont said. “The emails can go into spam — and tenant admin accounts are supposed to be secure breakglass accounts without email. They also haven’t informed orgs via account managers. You want to check all emails going back to June. It is widespread.”

Scanning the url

One of the key issues, TechCrunch noted, is that Microsoft added a “secure link” to the email - which leads to a domain seemingly unrelated to Microsoft: “purviewcustomer.powerappsportals.com.” 

“Basically, the critical alert looks like a phishing attack,” one of the recipients said on X.

Many of the people receiving this email thought the same, TechCrunch further suggests, since the link got submitted to urlscan.io “more than a hundred times.” URL Scan is a service that can tell if a website is malicious or not. 

What’s more, Microsoft’s support portal has a few posts where customers were looking for clarification if the emails they’re getting are legitimate or not. 

“This email has several red flags for me, the request for the TenantID and essentially admin or high level email addresses, the powerapps page being barebones, and some quick Googling not finding anything related to the title of this email or it’s [sic] contents,” one person wrote. “Can anyone confirm this is a legit Microsoft email request?”

More from TechRadar Pro

• A recent Microsoft data breach also let Russian hackers compromise US federal agencies
• Here's a list of the best firewalls today
• These are the best endpoint protection tools right now