Beware: Scammers are sneaking fake phone numbers into legit Microsoft purchase emails

Stay vigilant, and report any such email to Microsoft's official support channels


The feature image is AI-generated using Microsoft Designer

A new scam has come to light in which scammers try to install malware on a victim’s system with the help of legitimate Microsoft purchase emails. According to a Kaspersky blog post (via Forbes), they’re inserting fake support contact numbers into genuine Microsoft billing emails.

The Microsoft purchase email scam is hard to detect at first because the email itself is genuine

The Microsoft 365 app purchase email scam starts with an actual email from the Redmond tech giant: [email protected]. The message confirms a supposed subscription purchase, often for a large number of licenses, to alarm the victim. In one example, the total came to $587.95 for 55 Microsoft 365 licenses.

The heart of the scam lies in the Billing section. Attackers replace the billing address with a phone number and instructions to call “Microsoft” for help. This works because the message comes from a no-reply address that cannot be answered, leaving the victim with that phone number as the only apparent next step.

(Image of the scam billing email. Image: Kaspersky)

People who call the number are met with social engineering tactics. Per the blog post, one Reddit user said they were sent an EXE file after calling. The scammer told the user to install support software, likely a Remote Access Trojan (RAT).

When the scammer asked them to check their bank account for a refund, the victim realized the danger. They hung up before logging in, potentially avoiding credential theft.

How scammers send real Microsoft emails

Scammers often convince victims because the email is real. Attackers may be using trial accounts or stolen credentials to send purchase confirmations. They then change only the billing section, where they can safely add their phone number.

Another theory suggests scammers hack real Microsoft 365 accounts and use the “resend billing” feature to target victims directly.

What you can do

These scams show that attackers don’t need to spoof anything: they simply abuse legitimate services. To stay safe from a Microsoft 365 app purchase email scam, companies should:

  • Train staff to detect suspicious billing messages
  • Warn employees never to call phone numbers from random billing notices
  • Use strong endpoint protection on all devices
  • Monitor Microsoft 365 activity for abuse of billing features

Keep the points above in mind, and we hope you don’t fall victim to emails like these.
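
As an added example for the "train staff" and "monitor" points above (not code from Kaspersky, Forbes or Microsoft), here is a small mail-filter heuristic that flags a purchase confirmation whose Billing section carries a phone number or a call-to-action instead of a postal address, which is exactly the tell this scam relies on. Both sample email bodies are constructed for the demonstration; the phone number and company name are made up.

```python
import re

# Constructed sample purchase-confirmation bodies (not real Microsoft mail).
LEGIT_EMAIL = """\
Thank you for your purchase.
Product: Microsoft 365 Business Standard, 5 licenses
Total: $62.50

Billing
Contoso Ltd
1 Example Street
Seattle, WA 98101
"""

SCAM_EMAIL = """\
Thank you for your purchase.
Product: Microsoft 365 Business Standard, 55 licenses
Total: $587.95

Billing
If you did not authorize this charge, call Microsoft support
immediately at +1 (555) 010-0199 to cancel and get a refund.
"""

# A run of 9+ digits/spaces/punctuation starting and ending with a digit.
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{7,}\d")
# Wording that belongs in a phone-scam script, not in a billing address.
CALL_WORDS = re.compile(r"\b(call|phone|dial|refund|cancel)\b", re.I)


def billing_section(body: str) -> str:
    """Return the text following the 'Billing' heading (empty if absent)."""
    m = re.search(r"^\s*billing\b.*?$", body, re.I | re.M)
    return body[m.end():].strip() if m else ""


def billing_findings(body: str) -> list[str]:
    """Flag a billing block that carries a phone number or a call-to-action
    instead of a postal address; an empty list means nothing suspicious."""
    section = billing_section(body)
    findings: list[str] = []
    if not section:
        return findings
    phones = PHONE_RE.findall(section)
    if phones:
        findings.append(f"phone number in billing block: {phones[0].strip()}")
    if CALL_WORDS.search(section):
        findings.append("call-to-action wording in billing block")
    return findings
```

A hit should route the message to the helpdesk with a reminder that the only support numbers to use are the ones published on Microsoft's own site, not the ones printed in the email.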

