The email address, “[email protected]”, is commonly used by Microsoft to send account-related notifications, including two-factor authentication codes and security alerts. However, scammers have reportedly found ways to misuse the company’s notification system to deliver fraudulent messages that appear authentic.
Screenshot highlighting phishing emails sent via an official Microsoft email address. Image: The Spamhaus Project
Reports shared on social media in recent weeks indicate that recipients have received emails from the official Microsoft address containing references to Bitcoin investments, third-party websites, or suspicious phone numbers. The emails reportedly mimic Microsoft’s standard formatting and branding, making them appear credible to unsuspecting users.
Because the messages originate from a legitimate Microsoft-owned email address, they may be more likely to bypass spam and phishing filters commonly used by email providers.
According to a January 2026 report from cybersecurity firm Abnormal, attackers had already been exploiting Microsoft’s notification infrastructure to send phishing emails designed to trick users into revealing personal or financial information.