Scammers exploiting Microsoft business notifications to launch attacks www.kaspersky.com/blog/micr…

The crux of the scam lies in the text attackers add to the Billing information section. Typically, this section contains the subscriber company’s name and the billing address. However, the scammers swap out that information for their own phone number, plus a note encouraging the recipient to call “Microsoft” if they need any assistance. The types of “purchased” subscriptions suggest that the scammers are targeting company employees.

They prey on a common employee fear: making an expensive, unnecessary purchase could cause trouble at work. And since resolving the issue by email isn’t an option (the message comes from a no-reply address), the victim is left with little choice but to call the phone number provided.