Microsoft Windows users are being targeted by a new scam using real Microsoft emails that include a “nasty surprise.”
Attackers hijack genuine Microsoft purchase confirmation emails and replace the billing contact details with their own fraudulent phone number.
The scam emails come from [email protected] and claim you made a large purchase—often hundreds of dollars—which you did not authorize. The goal is to panic you into calling the provided phone number.
If you call, the scammers will likely ask you to install malicious software or provide your account login details, leading to malware infection and stolen credentials.
Key points to remember:
- The email is genuine but altered by attackers only in the billing info section.
- Never call the phone number in suspicious purchase emails.
- Always verify charges through your official Microsoft account or trusted channels.
- If you don’t recognize a purchase, delete the email immediately.
This attack method is similar to recent Google email scams and highlights a growing trend in tech support fraud, which has surged by over 130% this year.
