Beware of OnMicrosoft.com Office 365 Malicious and Spam Emails

I've today discovered that my wife has the following as an email address:

yubm.yubm@yubms.onmicrosoft.com. How do I know that this address has or is being used to scam us or others? What do we look for? How can we determine?

Thanks

hxxp://reward3455.ourtime95.live/

I receive an email purportedly from Microsoft Edge requesting I complete a survey and would win a iPhone Xs. On completion of survey, I was asked to submit an order for $1 To get the phone.

When I hit submit I got an email joining a dating site. Help!!

I have received the following email. Comments, please?

"Hi‌ the‌re

I am a‌ ha‌cke‌r who‌ bro‌ke‌ yo‌u‌r e‌ mai‌l a‌nd de‌vi‌ce a‌ few we‌e‌ks a‌go.

You‌ type‌d i‌n yo‌ur pa‌ssco‌de‌ o‌n o‌ne‌ of the‌ si‌te‌s yo‌u‌ vi‌si‌ted, a‌nd I i‌nte‌rcepte‌d i‌t.

He‌re‌ i‌s the‌ pa‌sswo‌rd from *@blueyonder.co.uk u‌po‌n mo‌me‌nt o‌f ha‌ck:

No‌ do‌u‌bt yo‌u‌ ca‌n can change i‌t, or a‌lrea‌dy cha‌nge‌d it.

Bu‌t thi‌s wi‌ll not ma‌tte‌r, my o‌wn ma‌li‌cio‌u‌s softwa‌re‌ u‌pdate‌d it e‌very ti‌me‌.

Do‌ not ne‌ce‌ssa‌rily try to‌ ge‌t i‌n to‌u‌ch with me‌ o‌r e‌ve‌n fi‌nd me‌.

Thro‌u‌gh your e-ma‌i‌l, I uplo‌a‌ded malici‌o‌u‌s co‌de‌ to‌ yo‌u‌r Ope‌ra‌tion Syste‌m.

I sa‌ve‌d a‌ll of yo‌u‌r curre‌nt co‌nta‌cts toge‌ther with fri‌e‌nds, co‌-wo‌rke‌rs, fa‌mi‌ly me‌mbe‌rs plu‌s a‌ e‌nti‌re re‌co‌rd of visits to‌ the‌ Wo‌rld-wi‌de‌-web re‌so‌urces.

Also I se‌t up a Vi‌ru‌s on yo‌u‌r syste‌m.

You‌ a‌ren't my only pre‌y, I ge‌ne‌ra‌lly lock co‌mpute‌rs a‌nd a‌sk fo‌r a‌ ranso‌m.

None‌thele‌ss I wa‌s struck by the‌ we‌b si‌te‌s of clo‌se‌ ma‌te‌ri‌al tha‌t yo‌u‌ fre‌qu‌e‌ntly check o‌ut.

I a‌m i‌n su‌rpri‌se‌ of you‌r cu‌rre‌nt fa‌nta‌si‌e‌s! I have‌ ne‌ve‌r ever no‌ti‌ce‌d a‌nythi‌ng a‌t a‌ll li‌ke‌ thi‌s!

Thu‌s, whe‌n yo‌u‌ ha‌d e‌njo‌yme‌nt o‌n pi‌qua‌nt we‌bsi‌te‌s (yo‌u‌ kno‌w wha‌t I a‌m ta‌lki‌ng a‌bo‌ut!) I cre‌a‌te‌d scre‌en sho‌t wi‌th u‌sing my pro‌gra‌m from yo‌u‌r ca‌me‌ra‌ o‌f yours de‌vi‌ce‌.

The‌re a‌fter, I co‌mbi‌ne‌d the‌m to‌ the co‌nte‌nt of the‌ pa‌rticula‌r cu‌rre‌ntly vi‌e‌we‌d web si‌te.

There will be‌ la‌u‌ghte‌r when I se‌nd these‌ pi‌ctu‌re‌s to‌ yo‌ur acquai‌nta‌nce‌s!

BUT I beli‌eve‌ yo‌u‌ do‌ no‌t wa‌nt it.

Thu‌s, I e‌xpe‌ct pa‌yme‌nt fro‌m yo‌u‌ i‌nte‌nde‌d fo‌r my qui‌e‌t.

I co‌nside‌r $4498 is an su‌i‌ta‌ble‌ co‌st fo‌r thi‌s!

Pa‌y with Bi‌tcoi‌n.

My Bitco‌i‌n walle‌t: 1PJ3kGge3cM2ENoVyHtzFuoXA8g5rQp8Fu

In ca‌se‌ yo‌u do‌ no‌t re‌a‌lly kno‌w ho‌w to‌ do‌ thi‌s - submi‌t i‌n to‌ Go‌o‌gle‌ 'how to‌ send mo‌ne‌y to‌ a bi‌tcoin wa‌lle‌t'. It i‌sn't diffi‌cult.

Fo‌llo‌wing ge‌tti‌ng the‌ gi‌ve‌n a‌mo‌u‌nt, all you‌r i‌nfo‌rma‌ti‌o‌n wi‌ll be‌ stra‌i‌ght a‌wa‌y e‌limi‌na‌ted a‌uto‌ma‌ti‌cally. My compute‌r vi‌ru‌s will a‌lso cle‌a‌r a‌wa‌y i‌tse‌lf thro‌u‌gh yo‌u‌r os.

My Co‌mpute‌r vi‌ru‌s ha‌ve‌ a‌u‌to a‌le‌rt, so‌ I kno‌w when thi‌s parti‌cular e‌-ma‌i‌l i‌s re‌a‌d.

I gi‌ve you‌ two‌ days (Fo‌rty ei‌ght hrs) i‌n orde‌r to ma‌ke a‌ pa‌yme‌nt.

If thi‌s do‌e‌s no‌t o‌ccu‌r - a‌ll yo‌u‌r contacts wi‌ll ge‌t ri‌diculo‌u‌s photo‌s fro‌m yo‌ur darke‌r secre‌t li‌fe‌ a‌nd yo‌u‌r devi‌ce‌ wi‌ll be‌ blo‌cke‌d a‌s we‌ll a‌fte‌r 48 ho‌urs.

Do‌ no‌t e‌nd up be‌i‌ng stu‌pid!

Co‌ps o‌r pa‌ls wo‌n't a‌ssi‌st yo‌u‌ fo‌r ce‌rta‌i‌n ...

PS I ca‌n pro‌vide‌ yo‌u re‌co‌mme‌ndation fo‌r the fu‌ture‌. Neve‌r type‌ i‌n you‌r pa‌sswo‌rds o‌n u‌nsa‌fe‌ we‌b pa‌ges."

Here is another scam:

-----Original Message-----

From: melissab@oregonwestmanagement.onmicrosoft.com

Sent: 26 July 2018 12:20 PM

Subject: Summon

RE: Notice of Intent to Sue

Account Number 638887ZA11

Good Day

This letter serves as the formal notice of an intent to file a lawsuit against your company in court, due to your not paying an owed invoice as previously requested.

A hearing date has been confirmed for On July 26 2018, and if you wish to resolve this matter without court action, our client will expect refund within thirty (30) days of this notice. The Court summons letter is in the below Microsoft document transfer link, kindly verify your receiving email client on the attached to redirect and download summons. View the attached

document for more details.

Regards

Magistrate Court

Justice Firm Debt Collection Agent

why doesn't Microsoft allow *.onmicrosoft.com or _.onmicrosoft.com be a legitimate domain that we can block?

Received via email:

"Please help me and tell me how to get rid of these spam emails from my Mozilla Email account. I am being bombarded with various mail from all these sources ending in .onmycrosoft .com. Here are some of them.

Fox@brandy,onmicrosoft.com

marianakur@marianakur.onmicrosoft.com

carmela.smoot@smootsarl.onmicrosoft.com

Devin@DevinHiggins.onmicrosoft.com

Saulalinsky@manyasarl.onmycrosoft.com

They all are using my Email as the SENDER"

Receiving multiple spam emails. Kindly provide the specific wording for creating a rule to block "onmicrosoft.com" emails. Using "onmicrosoft.com in the recipients address" did not work. Thanks so much!

I get onmicrosoft emails all the time, sometimes several per day (I got 3 today). I block each one from my Outlook and my network server. Unfortunately, this doesn't stop more from showing up, because each email is from a different individual. Does anyone know how they got my info and keep passing it around? Also, do you want me to forward each one I get to you? It would definitely clog up your server!

I received a survey email solicitation from purportedly "info@conservative.ca" which in fact was "unjunkeopdirect@outlooksen.onmicrosoft.com". I did not open the survey attachment.

RS

Here is another scam, please do not follow the instructions in it:

-- start of scam --

"From VIP@gnetworks.onmicrosoft.com

THANK YOU FOR BEING A VALUED DIRECTV CUSTOMER

America’s #1 Satellite TV Service!

Thank you for being a valued DIRECTV Customer and I am confident that you will find your DIRECTV experience to be exceptional. As the Executive Vice President of Goodman Networks, your authorized Installation and Service Provider for DIRECTV, my goal is to ensure you receive the highest quality installation, education and customer service in the industry. Your Service, 1-2P9OCUJC, was completed out of our Tyler office.

If for any reason you do not feel our technician met your needs with the service they performed, we want to address and resolve them as soon as possible. In an effort to assist you, please send an email to our Executive Office using the email address below and provide the following information so we can respond to you without delay.

~ Billing Phone Number, DIRECTV Account Number, and your preferred contact information ~

For billing questions please contact DIRECTV at 1-800-531-5000

Goodman Networks Contact Information

Email: VIP@goodmannetworks.com

Mail: 2801 Network Blvd., Suite 300 Frisco, TX 75034

Thank you again for choosing Goodman Networks and DIRECTV. We recognize that you have a

choice in television service providers and we appreciate your business.

Sincerely,

Chris Grant, Executive Vice President

Goodman Networks"

-- end of scam --

Hi,

I got email like this, and it said send via caffelli.onmicrosoft.com.

Is this a spam?

Please help me to figure out.

"Intel Optane Treasure Hunt Contest

Winning Mail

Pen Corbin <pen@caffelli.com>

Congratulations! You’ve been selected as a Grand Prize winner in the Intel® Optane Treasure Hunt Contest! Below are the prize fulfillment process and steps required from you to confirm your eligibility and claim your prize.

My name is Pen and I work for Caffelli, an Advertising Agency based in Portland, Oregon—we organized and managed the contest in conjunction with Intel. I’ll be walking you through the process to claim your prize, please follow the steps outlined below within 5 business days. Please note, if we don’t hear back from you in that time frame, we’ll move to an alternate winner.

US Residents – Everything below can be sent via email. No hard copies are required:

Confirm that you are 18 and a United States resident

Fill out the attached W9

Fill out the attached affidavit of eligibility

Provide a scanned copy of your driver’s license or government issued ID

–OR–

Canadian Residents – Everything below can be sent via email. No hard copies are required:

Confirm you are at least the age of majority in your province and a Canadian resident

Fill out the attached W8-BEN

Fill out the attached affidavit of eligibility

Provide a scanned copy of your driver’s license or government issued ID

Confirm your province. (Residents of Quebec are not eligible as outlined in the contest Terms & Conditions)

Congratulations again on your win!

Pen Corbin

Event and Branded Merchandise Coordinator

P 503.914.6010

M 503.501.1767

F 503.419.4666

www.caffelli.com"

I received this email from Apple today. In which I know is NOT Apple... Then I found your article. I thought since this is 2017 and still circulating, it wouldn't be a bad idea to post it... diglaw@naturetot.onmicrosoft.com

So, if we do "...look out for suspicious email messages that are sent from email addresses ending with "onmicrosoft.com, " how can we get our ISPs to block spammers whose domains ends as "onmicrosoft.com?

My ISP only lets me block either the full domain alone, or the senders full address, but not "all" addresses that END in onmicrosoft.com

Currently, I have over 50. I have to block individually.

Here are two examples:

adam21@fddqfsdfsfdsdf.onmicrosoft.com

adam22@fairefaire.onmicrosoft.com

Does anyone know how you can do this?

Thank you.

Received email titled "Your Office 365 Business".

Message says Total email held:14

Date: 01-27-2017

Tells me to continue to link below to view important contact messages

Otherwise all 14 messages will be deleted.

I assume a scam and trashed it.

I have tried many times to block these unwanted emails. Has there been a solution?

How do I setup a filter to delete all emails from 365 or .onmicrosoft.com

Receive via email:

"Hi, I've been getting more and more emails that end in .onmicrosoft.com. Because the 1st parts of the email address are always different, I can't seem to block them. I use cox.net as my internet server & I've reached the 99 blocked email limit due to the different email addresses and I've used webmail to report these as spam, yet the number of emails seem to multiply daily. It would be a real hassle for me to change my email address and take most likely a day to change the email I do want to get at the various sites that use it to contact me. Is there an easier solution? Does microsoft actually care about this problem and will they be doing anything to prevent further spam-phishing? thank you Liona"

I use Outlook for mail. You need to dig a bit to go beyond blocking just an individual sender. The menu "Junk" doesn't offer that option. Here are the steps: Junk -> Junk Email Options -> Blocked Senders -> @onmicrosoft.com

OK, so I understand how these malicious emails (onmicrosoft.com) are created, but my question is HOW DO I STOP THEM?

About a week ago I started getting so many spam emails from onmicrosoft.com and they just keep coming.

How do you stop this?

Thank you for posting this.

Recieved 12/10/16:

"Hi, there.

My name is Jean Rafon, I'm from France.

Last week I Bought an old book from street here in Paris and I found your email inside of it, i'm curious to know if this is a real person,

and what relate you with this book!

Looking forward to hearing from you! Thanks

Jean (harry145225swangeropera74 @outlook.com)"

Received via email:

"Today I received an email from a person named Jean Rafon from France. Claims to have found my email in an old book. So I researched this name and found you. I will forward the letter. Am I in any danger of this person? Do you know any more about them? Thank you!"

I've received the Jean Rafon email just this evening. What would the scam be?

Received via email:

"I am receiving emails from this email address, ~CheaTlng.MlLfs~ , and others with the onmicrosoft. How can I stop this?"

From: Andree@Supporet.onmicrosoft.com. Received this email today:

"Hi there

My name is Jean Rafon, I'm from France.

Last week I Bought an old book from street here in Paris and I found your email inside of it, i'm curious to know if this is a real person,

and what relate you with this book!

Looking forward to hearing from you! Thanks."

I tried googling the spam to see if anyone else received this weird email and didn't find anything. So I wanted to post it somewhere so people are aware.

In the past 24 hours, I have gotten eight spam emails from various onmicrosoft.com addresses. Just thought you'd like to know.

In the last two and a half days, I've gotten 19 spam messages from a <domain name>@onmicrosoft.com. Somehow my email address has been distributed to the bad guys, and I'm being flooded.

I have receiving emails from address below asking me to complete a W8 form and then a W9 form:

John Lee <jlee@abcimaging.Com> via abcimaging.Onmicrosoft.Com

These scammers think I'm stupid. It didn't look like what Apple have. I have reported the fraudulent email below:

-- start of message --

"Date: 12 July 2016 at 8:15:43 PM NZST

To: "support@costumer service" <costumer-service@LoginesIncID.onmicrosoft.com>

Subject: Re: Your Apple ID has been used to buy '' black gold ''‏‏

On 11/07/2016, at 7:38 AM, support@costumer service <costumer-service@LoginesIncID. onmicrosoft.com> wrote:

Your Apple ID has been used to buy '' black gold '' by Diego from the iTunes Store on a computer or device that has not been previously associated with him.

you can also receive this message if you have reset your password from your last purchase.

this purchase was made in following countrie : Hong kong

if you are the source of the downoald , you can ignore this email. He was sent as precaution to protect you from any unauthorized purchases.

if you are not behind this purchase, we recommend you go here

Best regards,

Apple"

I have been receiving phishing and fake FBI alerts spams from "specialinvestigators .onmicrosoft.com" accounts.

I have complained to Microsoft dozens of times and I ever get back is canned responses such as the following:

"Thank you for your report. Based on the message header information you have provided, this email appears to have originated from an Office 365 or Exchange Online tenant account.to report junk mail from Office 365 tenants, please send an email to junk@office365.microsoft.com and include the junk mail as an attachment.

You can get more information about dealing with junk email from Office 365 and Exchange Online accounts here: https://technet.microsoft.com/ en-us/library/jj200769 (v=exchg.150).aspx"

Sending the complaint to the junk@ email address does nothing as well. There may be a legal issue here as Microsoft has been given ample warning of crimes being committed on their equipment yet they fail to act to curb this wave of criminal activity.

I am getting a warning that my mailbox is full and it is sending out a message to people that are trying to send me email. How can I fix this? I have enough storage in both my godaddy and gmail account. This is the who I am getting the message from: "Microsoft Exchange 329e71ec88ae4615bbc 36ab6ce41109e@NETORG139679 .onmicrosoft.com" and the error message: "The recipient's mailbox is full and can't accept messages now. Please try resending your message later, or contact the recipient directly."

Received from an anonymous user:

"I recieved an email supposedly from Paypal saying i had sent $200 to some “ Rons Rising Stars “ ? in America. I checked my account and no money had been sent.On further inspection email was asking me to set up a “ paypal account “ so i wouldnt have to put details in every time i shopped online !! Which is odd seeing how i was supposed to have already sent them $200 through my Paypal account .I looked at the address bar and noticed it said pplll@pplll.onmicrosoft.com’', so i looked it up and “ onmicrosoft.com “ apparently lets fraudsters set up a web domain that looks quiet real to get people to send money or click on infected links Beware!"

Any other Geek Squad customers getting phished emails for billing from ransom malware hackers? Able to shut down Best Buy ("webroot") software exposing machine to hijacking when customer calls to complain about service being terminated. Hacks have access to their billing info? online service sessions?