Forum Discussion
Serious Abuse of Microsoft/OneDrive Email Infrastructure for IRS Phishing Scam
I want to report a very serious phishing/security concern involving what appears to be Microsoft/OneDrive email infrastructure.
On Sat, May 2, 2026 at 11:03 PM, I received a phishing/scam email pretending to be an IRS tax notice. Today is May 17, 2026, and I am posting this because this issue is extremely concerning and could easily fool many users.
The alarming part is that the email was sent from:
email address removed for privacy reasons
The email contained fake IRS-related warnings such as:
- “URGENT: UNVERIFIED IRS 2026 TAX DOCUMENT”
- “Final Reminder”
- “Immediate Attention Needed”
- “Review Tax Document”
It attempted to pressure users into clicking a fake “Review Tax Document” button.
What is deeply concerning is:
- The sender appears to come from an official Microsoft domain (notificationmail.microsoft.com)
- The branding and formatting look legitimate
- Non-technical users could easily trust and click this
- AOL itself displayed a security warning and disabled the links
My questions to Microsoft are:
- How is it possible for phishing emails to originate from or appear to originate from notificationmail.microsoft.com?
- Is Microsoft infrastructure being abused?
- Were compromised Microsoft/OneDrive accounts used?
- Why are such emails passing authentication checks strongly enough to appear legitimate?
This is not a normal spam message. This directly impacts trust in Microsoft notification systems and can lead to credential theft or malware infections.
I hope Microsoft investigates this seriously and explains how such abuse is possible from a Microsoft-associated notification domain.
Users should:
- Never click such links
- Verify tax notices only through official government portals
- Carefully inspect email headers and domains
- Report suspicious Microsoft-branded phishing emails immediately
Blair Glennon almmicrosoft Microsoftyan