Beware of OnMicrosoft.com Office 365 Malicious and Spam Emails

Posted: Nov 13, 2018 at 6:02 PM by an anonymous user from or near: Bromsgrove, England, United Kingdom

I have received the following email. Comments, please?

"Hi‌ the‌re

I am a‌ ha‌cke‌r who‌ bro‌ke‌ yo‌u‌r e‌ mai‌l a‌nd de‌vi‌ce a‌ few we‌e‌ks a‌go.

You‌ type‌d i‌n yo‌ur pa‌ssco‌de‌ o‌n o‌ne‌ of the‌ si‌te‌s yo‌u‌ vi‌si‌ted, a‌nd I i‌nte‌rcepte‌d i‌t.

He‌re‌ i‌s the‌ pa‌sswo‌rd from *@blueyonder.co.uk u‌po‌n mo‌me‌nt o‌f ha‌ck:

No‌ do‌u‌bt yo‌u‌ ca‌n can change i‌t, or a‌lrea‌dy cha‌nge‌d it.

Bu‌t thi‌s wi‌ll not ma‌tte‌r, my o‌wn ma‌li‌cio‌u‌s softwa‌re‌ u‌pdate‌d it e‌very ti‌me‌.

Do‌ not ne‌ce‌ssa‌rily try to‌ ge‌t i‌n to‌u‌ch with me‌ o‌r e‌ve‌n fi‌nd me‌.

Thro‌u‌gh your e-ma‌i‌l, I uplo‌a‌ded malici‌o‌u‌s co‌de‌ to‌ yo‌u‌r Ope‌ra‌tion Syste‌m.

I sa‌ve‌d a‌ll of yo‌u‌r curre‌nt co‌nta‌cts toge‌ther with fri‌e‌nds, co‌-wo‌rke‌rs, fa‌mi‌ly me‌mbe‌rs plu‌s a‌ e‌nti‌re re‌co‌rd of visits to‌ the‌ Wo‌rld-wi‌de‌-web re‌so‌urces.

Also I se‌t up a Vi‌ru‌s on yo‌u‌r syste‌m.

You‌ a‌ren't my only pre‌y, I ge‌ne‌ra‌lly lock co‌mpute‌rs a‌nd a‌sk fo‌r a‌ ranso‌m.

None‌thele‌ss I wa‌s struck by the‌ we‌b si‌te‌s of clo‌se‌ ma‌te‌ri‌al tha‌t yo‌u‌ fre‌qu‌e‌ntly check o‌ut.

I a‌m i‌n su‌rpri‌se‌ of you‌r cu‌rre‌nt fa‌nta‌si‌e‌s! I have‌ ne‌ve‌r ever no‌ti‌ce‌d a‌nythi‌ng a‌t a‌ll li‌ke‌ thi‌s!

Thu‌s, whe‌n yo‌u‌ ha‌d e‌njo‌yme‌nt o‌n pi‌qua‌nt we‌bsi‌te‌s (yo‌u‌ kno‌w wha‌t I a‌m ta‌lki‌ng a‌bo‌ut!) I cre‌a‌te‌d scre‌en sho‌t wi‌th u‌sing my pro‌gra‌m from yo‌u‌r ca‌me‌ra‌ o‌f yours de‌vi‌ce‌.

The‌re a‌fter, I co‌mbi‌ne‌d the‌m to‌ the co‌nte‌nt of the‌ pa‌rticula‌r cu‌rre‌ntly vi‌e‌we‌d web si‌te.

There will be‌ la‌u‌ghte‌r when I se‌nd these‌ pi‌ctu‌re‌s to‌ yo‌ur acquai‌nta‌nce‌s!

BUT I beli‌eve‌ yo‌u‌ do‌ no‌t wa‌nt it.

Thu‌s, I e‌xpe‌ct pa‌yme‌nt fro‌m yo‌u‌ i‌nte‌nde‌d fo‌r my qui‌e‌t.

I co‌nside‌r $4498 is an su‌i‌ta‌ble‌ co‌st fo‌r thi‌s!

Pa‌y with Bi‌tcoi‌n.

My Bitco‌i‌n walle‌t: 1PJ3kGge3cM2ENoVyHtzFuoXA8g5rQp8Fu

In ca‌se‌ yo‌u do‌ no‌t re‌a‌lly kno‌w ho‌w to‌ do‌ thi‌s - submi‌t i‌n to‌ Go‌o‌gle‌ 'how to‌ send mo‌ne‌y to‌ a bi‌tcoin wa‌lle‌t'. It i‌sn't diffi‌cult.

Fo‌llo‌wing ge‌tti‌ng the‌ gi‌ve‌n a‌mo‌u‌nt, all you‌r i‌nfo‌rma‌ti‌o‌n wi‌ll be‌ stra‌i‌ght a‌wa‌y e‌limi‌na‌ted a‌uto‌ma‌ti‌cally. My compute‌r vi‌ru‌s will a‌lso cle‌a‌r a‌wa‌y i‌tse‌lf thro‌u‌gh yo‌u‌r os.

My Co‌mpute‌r vi‌ru‌s ha‌ve‌ a‌u‌to a‌le‌rt, so‌ I kno‌w when thi‌s parti‌cular e‌-ma‌i‌l i‌s re‌a‌d.

I gi‌ve you‌ two‌ days (Fo‌rty ei‌ght hrs) i‌n orde‌r to ma‌ke a‌ pa‌yme‌nt.

If thi‌s do‌e‌s no‌t o‌ccu‌r - a‌ll yo‌u‌r contacts wi‌ll ge‌t ri‌diculo‌u‌s photo‌s fro‌m yo‌ur darke‌r secre‌t li‌fe‌ a‌nd yo‌u‌r devi‌ce‌ wi‌ll be‌ blo‌cke‌d a‌s we‌ll a‌fte‌r 48 ho‌urs.

Do‌ no‌t e‌nd up be‌i‌ng stu‌pid!

Co‌ps o‌r pa‌ls wo‌n't a‌ssi‌st yo‌u‌ fo‌r ce‌rta‌i‌n ...

PS I ca‌n pro‌vide‌ yo‌u re‌co‌mme‌ndation fo‌r the fu‌ture‌. Neve‌r type‌ i‌n you‌r pa‌sswo‌rds o‌n u‌nsa‌fe‌ we‌b pa‌ges."

delete

Posted: Jul 29, 2018 at 11:33 AM by info

Here is another scam:

-----Original Message-----
From: melissab@oregonwestmanagement.onmicrosoft.com

Sent: 26 July 2018 12:20 PM
Subject: Summon

RE: Notice of Intent to Sue
Account Number 638887ZA11

Good Day

This letter serves as the formal notice of an intent to file a lawsuit against your company in court, due to your not paying an owed invoice as previously requested.

A hearing date has been confirmed for On July 26 2018, and if you wish to resolve this matter without court action, our client will expect refund within thirty (30) days of this notice. The Court summons letter is in the below Microsoft document transfer link, kindly verify your receiving email client on the attached to redirect and download summons. View the attached
document for more details.

Regards

Magistrate Court
Justice Firm Debt Collection Agent

delete

Posted: Jan 18, 2018 at 11:24 AM by an anonymous user from or near: St. Peters, Missouri, United States

why doesn't Microsoft allow *.onmicrosoft.com or _.onmicrosoft.com be a legitimate domain that we can block?

delete

Posted: Jan 6, 2018 at 2:10 AM by info

Received via email:

"Please help me and tell me how to get rid of these spam emails from my Mozilla Email account. I am being bombarded with various mail from all these sources ending in .onmycrosoft .com. Here are some of them.

Fox@brandy,onmicrosoft.com

marianakur@marianakur.onmicrosoft.com

carmela.smoot@smootsarl.onmicrosoft.com

Devin@DevinHiggins.onmicrosoft.com

Saulalinsky@manyasarl.onmycrosoft.com

They all are using my Email as the SENDER"

delete

Posted: Dec 29, 2017 at 9:49 AM by an anonymous user from or near: Baltimore, Maryland, United States

Receiving multiple spam emails. Kindly provide the specific wording for creating a rule to block "onmicrosoft.com" emails. Using "onmicrosoft.com in the recipients address" did not work. Thanks so much!

delete

Posted: Dec 19, 2017 at 11:13 AM by an anonymous user from or near: Kansas City, Kansas, United States

I get onmicrosoft emails all the time, sometimes several per day (I got 3 today). I block each one from my Outlook and my network server. Unfortunately, this doesn't stop more from showing up, because each email is from a different individual. Does anyone know how they got my info and keep passing it around? Also, do you want me to forward each one I get to you? It would definitely clog up your server!

delete

Posted: Oct 19, 2017 at 10:56 AM by an anonymous user from or near: Toronto, Ontario, Canada

I received a survey email solicitation from purportedly "info@conservative.ca" which in fact was "unjunkeopdirect@outlooksen.onmicrosoft.com". I did not open the survey attachment.
RS

delete

Posted: Sep 14, 2017 at 12:36 PM by an anonymous user from or near: Newark, New Jersey, United States

Here is another scam, please do not follow the instructions in it:

-- start of scam --
"From VIP@gnetworks.onmicrosoft.com

THANK YOU FOR BEING A VALUED DIRECTV CUSTOMER

America’s #1 Satellite TV Service!

Thank you for being a valued DIRECTV Customer and I am confident that you will find your DIRECTV experience to be exceptional. As the Executive Vice President of Goodman Networks, your authorized Installation and Service Provider for DIRECTV, my goal is to ensure you receive the highest quality installation, education and customer service in the industry. Your Service, 1-2P9OCUJC, was completed out of our Tyler office.

If for any reason you do not feel our technician met your needs with the service they performed, we want to address and resolve them as soon as possible. In an effort to assist you, please send an email to our Executive Office using the email address below and provide the following information so we can respond to you without delay.

~ Billing Phone Number, DIRECTV Account Number, and your preferred contact information ~

For billing questions please contact DIRECTV at 1-800-531-5000

Goodman Networks Contact Information
Email: VIP@goodmannetworks.com
Mail: 2801 Network Blvd., Suite 300 Frisco, TX 75034

Thank you again for choosing Goodman Networks and DIRECTV. We recognize that you have a
choice in television service providers and we appreciate your business.

Sincerely,
Chris Grant, Executive Vice President
Goodman Networks"

-- end of scam --

delete

Posted: Aug 21, 2017 at 4:44 PM by an anonymous user from or near: Los Angeles, California, United States

Hi,

I got email like this, and it said send via caffelli.onmicrosoft.com.

Is this a spam?
Please help me to figure out.


"Intel Optane Treasure Hunt Contest
Winning Mail

Pen Corbin

Congratulations! You’ve been selected as a Grand Prize winner in the Intel® Optane Treasure Hunt Contest! Below are the prize fulfillment process and steps required from you to confirm your eligibility and claim your prize.

My name is Pen and I work for Caffelli, an Advertising Agency based in Portland, Oregon—we organized and managed the contest in conjunction with Intel. I’ll be walking you through the process to claim your prize, please follow the steps outlined below within 5 business days. Please note, if we don’t hear back from you in that time frame, we’ll move to an alternate winner.

US Residents – Everything below can be sent via email. No hard copies are required:
Confirm that you are 18 and a United States resident
Fill out the attached W9
Fill out the attached affidavit of eligibility
Provide a scanned copy of your driver’s license or government issued ID

–OR–

Canadian Residents – Everything below can be sent via email. No hard copies are required:
Confirm you are at least the age of majority in your province and a Canadian resident
Fill out the attached W8-BEN
Fill out the attached affidavit of eligibility
Provide a scanned copy of your driver’s license or government issued ID
Confirm your province. (Residents of Quebec are not eligible as outlined in the contest Terms & Conditions)
Congratulations again on your win!

Pen Corbin
Event and Branded Merchandise Coordinator
P 503.914.6010
M 503.501.1767
F 503.419.4666

www.caffelli.com"

delete

Posted: May 15, 2017 at 8:53 AM by an anonymous user from or near: Concord, California, United States

I received this email from Apple today. In which I know is NOT Apple... Then I found your article. I thought since this is 2017 and still circulating, it wouldn't be a bad idea to post it... diglaw@naturetot.onmicrosoft.com

delete

Posted: Apr 5, 2017 at 2:41 PM by an anonymous user from or near: San Diego, California, United States

So, if we do "...look out for suspicious email messages that are sent from email addresses ending with "onmicrosoft.com, " how can we get our ISPs to block spammers whose domains ends as "onmicrosoft.com?

My ISP only lets me block either the full domain alone, or the senders full address, but not "all" addresses that END in onmicrosoft.com

Currently, I have over 50. I have to block individually.

Here are two examples:
adam21@fddqfsdfsfdsdf.onmicrosoft.com
adam22@fairefaire.onmicrosoft.com

Does anyone know how you can do this?

Thank you.

delete

Posted: Jan 27, 2017 at 6:06 AM by an anonymous user from or near: New Minas, Nova Scotia, Canada

Received email titled "Your Office 365 Business".

Message says Total email held:14
Date: 01-27-2017

Tells me to continue to link below to view important contact messages
Otherwise all 14 messages will be deleted.

I assume a scam and trashed it.

delete

Posted: Jan 23, 2017 at 3:05 PM by an anonymous user from or near: San Diego, California, United States

I have tried many times to block these unwanted emails. Has there been a solution?

delete

Posted: Jan 22, 2017 at 1:42 PM by an anonymous user from or near: Bald Eagle, Minnesota, United States

How do I setup a filter to delete all emails from 365 or .onmicrosoft.com

delete

Posted: Jan 20, 2017 at 11:45 AM by info

Receive via email:

"Hi, I've been getting more and more emails that end in .onmicrosoft.com. Because the 1st parts of the email address are always different, I can't seem to block them. I use cox.net as my internet server & I've reached the 99 blocked email limit due to the different email addresses and I've used webmail to report these as spam, yet the number of emails seem to multiply daily. It would be a real hassle for me to change my email address and take most likely a day to change the email I do want to get at the various sites that use it to contact me. Is there an easier solution? Does microsoft actually care about this problem and will they be doing anything to prevent further spam-phishing? thank you Liona"

delete

Posted: Jan 15, 2017 at 3:52 AM by an anonymous user from or near: Fairfax, Virginia, United States

I use Outlook for mail. You need to dig a bit to go beyond blocking just an individual sender. The menu "Junk" doesn't offer that option. Here are the steps: Junk -> Junk Email Options -> Blocked Senders -> @onmicrosoft.com

delete

Posted: Jan 9, 2017 at 4:44 PM by an anonymous user from or near: Mesa, Arizona, United States

OK, so I understand how these malicious emails (onmicrosoft.com) are created, but my question is HOW DO I STOP THEM?

delete

Posted: Dec 28, 2016 at 12:14 PM by an anonymous user from or near: Laguna Beach, California, United States

About a week ago I started getting so many spam emails from onmicrosoft.com and they just keep coming.

How do you stop this?

delete

Posted: Dec 22, 2016 at 9:43 AM by an anonymous user from or near: Edmonton, Alberta, Canada

Thank you for posting this.

delete

Posted: Dec 10, 2016 at 11:47 AM by an anonymous user from or near: Silverdale, Washington, United States

Recieved 12/10/16:

"Hi, there.

My name is Jean Rafon, I'm from France.

Last week I Bought an old book from street here in Paris and I found your email inside of it, i'm curious to know if this is a real person,
and what relate you with this book!

Looking forward to hearing from you! Thanks

Jean (harry145225swangeropera74 @outlook.com)"

delete

Posted: Dec 10, 2016 at 7:00 AM by info

Received via email:

"Today I received an email from a person named Jean Rafon from France. Claims to have found my email in an old book. So I researched this name and found you. I will forward the letter. Am I in any danger of this person? Do you know any more about them? Thank you!"

delete

Posted: Dec 8, 2016 at 10:46 PM by an anonymous user from or near: Elizabeth, Colorado, United States

I've received the Jean Rafon email just this evening. What would the scam be?

delete

Posted: Dec 3, 2016 at 8:13 AM by info

Received via email:

"I am receiving emails from this email address, ~CheaTlng.MlLfs~ , and others with the onmicrosoft. How can I stop this?"

delete

Posted: Dec 2, 2016 at 2:38 PM by an anonymous user from or near: Nashville, Tennessee, United States

From: Andree@Supporet.onmicrosoft.com. Received this email today:

"Hi there

My name is Jean Rafon, I'm from France.

Last week I Bought an old book from street here in Paris and I found your email inside of it, i'm curious to know if this is a real person,
and what relate you with this book!

Looking forward to hearing from you! Thanks."

I tried googling the spam to see if anyone else received this weird email and didn't find anything. So I wanted to post it somewhere so people are aware.

delete

Posted: Nov 16, 2016 at 3:24 PM by an anonymous user from or near: Irvine, California, United States

In the past 24 hours, I have gotten eight spam emails from various onmicrosoft.com addresses. Just thought you'd like to know.

delete

Posted: Nov 7, 2016 at 2:47 PM by an anonymous user from or near: Westport, Connecticut, United States

In the last two and a half days, I've gotten 19 spam messages from a @onmicrosoft.com. Somehow my email address has been distributed to the bad guys, and I'm being flooded.

delete

Posted: Aug 23, 2016 at 11:52 AM by an anonymous user from or near: Las Vegas, Nevada, United States

I have receiving emails from address below asking me to complete a W8 form and then a W9 form:
John Lee via abcimaging.Onmicrosoft.Com

delete

Posted: Jul 12, 2016 at 4:15 AM by an anonymous user from or near: New Plymouth, Taranaki, New Zealand

These scammers think I'm stupid. It didn't look like what Apple have. I have reported the fraudulent email below:

-- start of message --
"Date: 12 July 2016 at 8:15:43 PM NZST
To: "support@costumer service"
Subject: Re: Your Apple ID has been used to buy '' black gold ''‏‏

On 11/07/2016, at 7:38 AM, support@costumer service wrote:

Your Apple ID has been used to buy '' black gold '' by Diego from the iTunes Store on a computer or device that has not been previously associated with him.
you can also receive this message if you have reset your password from your last purchase.

this purchase was made in following countrie : Hong kong

if you are the source of the downoald , you can ignore this email. He was sent as precaution to protect you from any unauthorized purchases.

if you are not behind this purchase, we recommend you go here
Best regards,
Apple"

delete

Posted: Mar 27, 2016 at 10:48 AM by an anonymous user from or near: Tucker, Georgia, United States

I have been receiving phishing and fake FBI alerts spams from "specialinvestigators .onmicrosoft.com" accounts.

I have complained to Microsoft dozens of times and I ever get back is canned responses such as the following:

"Thank you for your report. Based on the message header information you have provided, this email appears to have originated from an Office 365 or Exchange Online tenant account.to report junk mail from Office 365 tenants, please send an email to junk@office365.microsoft.com and include the junk mail as an attachment.

You can get more information about dealing with junk email from Office 365 and Exchange Online accounts here: https://technet.microsoft.com/ en-us/library/jj200769 (v=exchg.150).aspx"

Sending the complaint to the junk@ email address does nothing as well. There may be a legal issue here as Microsoft has been given ample warning of crimes being committed on their equipment yet they fail to act to curb this wave of criminal activity.

delete

Posted: Mar 6, 2016 at 6:34 PM by an anonymous user from or near: Apex, North Carolina, United States

I am getting a warning that my mailbox is full and it is sending out a message to people that are trying to send me email. How can I fix this? I have enough storage in both my godaddy and gmail account. This is the who I am getting the message from: "Microsoft Exchange 329e71ec88ae4615bbc 36ab6ce41109e@NETORG139679 .onmicrosoft.com" and the error message: "The recipient's mailbox is full and can't accept messages now. Please try resending your message later, or contact the recipient directly."

delete

Posted: Jan 9, 2016 at 8:46 AM by info

Received from an anonymous user:

"I recieved an email supposedly from Paypal saying i had sent $200 to some “ Rons Rising Stars “ ? in America. I checked my account and no money had been sent.On further inspection email was asking me to set up a “ paypal account “ so i wouldnt have to put details in every time i shopped online !! Which is odd seeing how i was supposed to have already sent them $200 through my Paypal account .I looked at the address bar and noticed it said pplll@pplll.onmicrosoft.com’', so i looked it up and “ onmicrosoft.com “ apparently lets fraudsters set up a web domain that looks quiet real to get people to send money or click on infected links Beware!"

delete

Posted: Sep 23, 2015 at 8:08 PM by an anonymous user from or near: Marlborough, Massachusetts, United States

Any other Geek Squad customers getting phished emails for billing from ransom malware hackers? Able to shut down Best Buy ("webroot") software exposing machine to hijacking when customer calls to complain about service being terminated. Hacks have access to their billing info? online service sessions?

delete