Is Microsoft flagging its own emails as phishing attempts?

Microsoft has been in hot water when it comes to security, so it's only doing its due diligence.

by Flavius Floare
  • Apparently, a lot of users have been experiencing this false flagging.
  • However, Microsoft has yet to release a solution.
  • But, in doing so, the Redmond-based company might damage the security processes.

It seems that Microsoft flags its own emails as coming from phishing accounts, according to a Reddit post by a confused user who wondered why this happens.

If you remember, Microsoft has been in a bit of a tough spot lately, especially when it comes to security. The Redmond-based tech giant has been criticized by users for not handling the Storm-0558 hacking situation better. Back in May, Storm-0558 gained access to the email accounts of approximately 25 organizations, many of which were government institutions.

A lot of users then criticized the company, saying they are paying a subscription to protect themselves from Microsoft’s mistakes, rather than real hackers. Microsoft then announced that it will provide more cloud security at no cost, in a collaboration with CISA. The updated security should roll out in September 2023.

But either way, Microsoft’s products, especially Teams, are active targets of phishing scams and malware attacks. In 2022, 80% of Microsoft 365 accounts were hacked, and a staggering 60% of Microsoft Teams accounts were successfully hacked.

So, it’s only natural Microsoft wants to strengthen security. However, Microsoft flagging up its own emails could end up being very confusing to a lot of people.

Microsoft accounts were flagged as sending phishing emails

An email sent by Microsoft 365 was flagged as a phishing email, then quarantined and blocked by Microsoft Security. The detection technology said that the account was actually an impersonation of Microsoft 365, but the email was valid, and it was indeed from Microsoft.

However, while this might be frustrating, a lot of users actually like that it happens. It shows that Microsoft is doing its due diligence to provide the best security experience to customers.

I see this as a good thing. They should have to play by the same rules as everyone else, and not have special methods to bypass their own security measures. If they have a special bypass, that becomes an attack vector for someone else to exploit.

Which is a good thing. Nothing should be trusted implicitly and everything can be compromised.

It seems that a lot of users have also experienced this issue, and it comes down to Microsoft's emails somehow using the same techniques a phishing account would use.

I think the real problem is, they shouldn’t be setting the “From” display field to claim to be individual users. They should have a no-reply address or something. That’s often why their notifications get marked as phishing – they’re doing the same thing phishing attacks do to impersonate users.
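The display-name check that comment describes, as an added example that is not from the article, the Reddit thread or Microsoft: it flags a message whose From display name claims a protected identity while the address is not one that identity sends from. The directory, addresses and sample headers are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed directory (assumption): display names worth protecting,
# mapped to the addresses each one legitimately sends from.
PROTECTED = {
    "alice example": {"alice@contoso.example"},
    "microsoft 365": {"no-reply@vendor.example"},
}

# Constructed sample From headers.
SAMPLES = [
    "Alice Example <alice@contoso.example>",                      # real user
    "Alice Example <alice.example@freemail.example>",             # look-alike sender
    '"Alice Example via Teams" <notifications@service.example>',  # genuine notification
    "Service Notifications <no-reply@service.example>",           # no-reply identity
]


def normalize(name: str) -> str:
    """Lower-case and collapse whitespace so near-identical names compare equal."""
    return " ".join(name.lower().split())


def check_from(header: str) -> str:
    """Classify a From header as 'ok', 'impersonation' or 'unprotected'."""
    display, addr = parseaddr(header)
    display, addr = normalize(display), addr.lower()
    for name, senders in PROTECTED.items():
        # The display name claims a protected identity, possibly with a
        # suffix such as "via Teams" that a notification service appends.
        if display == name or display.startswith(name + " "):
            return "ok" if addr in senders else "impersonation"
    return "unprotected"


def classify_all(headers):
    """Map each header to its verdict."""
    return {h: check_from(h) for h in headers}


if __name__ == "__main__":
    for header, verdict in classify_all(SAMPLES).items():
        print(f"{verdict:13} {header}")
```

The genuine notification and the look-alike sender get the same verdict because the header alone gives the check nothing to tell them apart; the no-reply identity claims no user's name and is not flagged.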

Have you experienced this issue? Let us know in the comments section below.
