For months now, scammers have been exploiting a loophole in Microsoft’s internal system to send spam emails from what appear to be legitimate Microsoft addresses. These emails, purportedly notifications about account alerts, were sent from an address usually reserved for important user messages.

The emails contained subject lines and links that could easily trick unsuspecting users into thinking they are genuine Microsoft communications. The Spamhaus Project reported similar incidents dating back several months, indicating the problem is not new but has been largely unnoticed until now.

Microsoft’s response so far has been tepid at best; when approached by TechCrunch, a spokesperson acknowledged the issue but did not provide further details or confirm if any actions have been taken to address it. This latest incident follows in a long line of similar scams where hackers use company systems for their nefarious purposes.

Other companies such as Betterment and Namecheap have also faced similar issues, with scammers using email addresses from these firms to launch phishing attacks. The question remains: can any system be completely secure against such determined adversaries?