Microsoft recently sent out email notifications to warn some customers about a data breach that may have affected their personal information. However, the way the company went about doing this was met with a lot of criticism, with some people saying that Microsoft’s emails looked like spam at best — and phishing at worst.
Cybersecurity researcher (and former Microsoft employee) Kevin Beaumont recently explained to his followers on LinkedIn that they were not the target of phishing, but that Microsoft simply communicated poorly:
“Microsoft had a breach from Russia that impacted customer data and did not follow the Microsoft 365 customer data breach process. The notifications are not in the portal, they sent emails to tenant admins instead,” Beaumont said. “The emails could be going to spam — and tenant admin accounts are supposed to be secure breakglass accounts with no email. They also haven’t notified organizations through account managers. You want to check all the emails going back to June. It’s widespread.”
Scan the URL
One of the most important issues, TechCrunch noted, is that Microsoft added a “secure link” to the email, which leads to a domain seemingly unrelated to Microsoft: “purviewcustomer.powerappsportals.com.”
“In principle, the critical alert looks like a phishing attack,” said one of the recipients on X.
Many of the people who received the email felt the same way, TechCrunch further suggests, as the link was submitted “over a hundred times” to urlscan.io, a service that can determine whether a website is malicious or not.
Additionally, there are a number of posts on Microsoft’s support portal where customers are seeking clarification on whether the emails they are receiving are legitimate or not.
“This email raises several red flags for me, the request for the TenantID and in fact admin or high level email addresses, the powerapps page being bare and some quick Googling that can’t find anything related to the title of this email or it’s (sic) content,” one person wrote. “Can anyone confirm this is a legitimate Microsoft email request?”