I've been receiving calendar invites that seem to be from Microsoft, but the email address actually looks weird and kind of sketchy. The invitation prompts me to activate a Microsoft 365 subscription and comes from 'Microsoft Billing ' but that address just doesn't seem right. This is the third or fourth invite I've gotten like this. Has anyone else experienced this? What could be happening here?
5 Answers
I wonder if someone linked to that email address got hacked. Which seems more likely to you—this being a spoof of a Microsoft email or an actual compromise?
Yeah, I've seen these pop up too! We started getting at least one a day in our system a few weeks ago. It seems like a new spam tactic that's getting around, and it’s definitely concerning.
You might want to check your SPF/DKIM records. If they aren't set up properly, it can allow these types of emails in. From what I gather, this might be an issue on your end since it's not usual for Microsoft to send these out.
A few weeks back, we had something similar where invites were sent from '[email protected]' directing folks to install enterprise apps which were actually phishing attempts. This could just be the same kind of scheme using a legit Microsoft system, like the ones we've seen before. Be careful!
Make sure to check your SPF records! My previous admin was allowing SPF failures through, but after we tightened up those rules, we haven't gotten any of these weird invites since.
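The SPF/DKIM check suggested in the answers above, as an added example that is not part of any poster's reply: it reads the `Authentication-Results` header your own gateway stamped on a received message and quarantines calendar invites that failed authentication. The sample message, the gateway name `mx.example.org`, and the function names are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample (not a message from the thread); hosts and addresses are placeholders.
SAMPLE = """\
From: "Microsoft Billing" <billing@example.invalid>
To: user@example.org
Subject: Activate your Microsoft 365 subscription
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=example.invalid;
 dkim=none; dmarc=fail header.from=example.invalid
MIME-Version: 1.0
Content-Type: text/calendar; method=REQUEST; charset="utf-8"

BEGIN:VCALENDAR
METHOD:REQUEST
BEGIN:VEVENT
SUMMARY:Activate subscription
END:VEVENT
END:VCALENDAR
"""

AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)\s*=\s*([a-z]+)", re.I)

def auth_results(msg, trusted_id):
    """Collect spf/dkim/dmarc results, but only from headers stamped by our own gateway."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv_id, _, rest = header.partition(";")
        stamped_by = (authserv_id.split() or [""])[0].lower()
        if stamped_by != trusted_id.lower():
            continue  # a sender can add its own header claiming "pass"
        for method, result in AUTH_RE.findall(rest):
            results.setdefault(method.lower(), result.lower())
    return results

def triage(raw, trusted_id="mx.example.org"):
    """Return the auth results and a verdict for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    auth = auth_results(msg, trusted_id)
    invite = any(p.get_content_type() == "text/calendar" for p in msg.walk())
    unauthenticated = (auth.get("dmarc") == "fail"
                       or "pass" not in (auth.get("spf"), auth.get("dkim")))
    verdict = "quarantine" if invite and unauthenticated else "deliver"
    return {"invite": invite, "auth": auth, "verdict": verdict}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

An invite sent through a legitimate Microsoft system, as one answer above describes, can pass all three checks and would be delivered by this rule.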
Honestly, I think it's more likely a compromise. Spoofed addresses are common, but actual breaches are pretty serious.