Just came here to say this. Once they pasted in the merchant info from their statement I thought - this has nothing to do with the publicly traded company and everything to do with fraud.
I filed a chargeback via AMEX against Microsoft just a few days ago. I couldn't figure out where a recurring charge was coming from. Microsoft support expressly suggested that I take this action against them.
I don't think it's malicious. I think it's incompetence that has been accumulating for a long time.
Surprising how this seemingly intelligent person repeats dozens of times how "Microsoft" is stealing their money when it's obvious to almost everyone that it's just a scammer that got a hold of their credit card.
Spoofing a descriptor I get; the most confounding part to me is how the charges continued after rotating the Amex account number. Isn't the whole point of getting a new card that charges against the old account are refused? Did OP update their Microsoft account with the new number? Any other way for it to be leaked?
Recurring charges often use some arrangement with the payment processor that doesn't actually use the literal card number after the first authorization. There's a bunch of contributing reasons but the obvious ones are security (no storing card numbers) and to make things easier for both companies and individuals when replacing cards, since most outright fraud is one-off charges.
I've had this happen to me before. I needed to cancel my credit card number and get a new one due to a fraud charge. I noticed that a bunch of valid subscriptions kept working despite me not updating the credit card number with them.
I've had a similar issue with Amazon. Amazon was charging me for someone else's Prime subscription; apparently they had somehow linked my Discover card to their Amazon account. Amazon was unable to unlink my card, and suggested I get a new Discover card number, which I did (twice), and both times I continued to be charged by their system on a monthly basis. I just dispute it every month now.
Is there really no way for the bank to know whether the charge originates from a particular source, i.e., Stripe vs. Microsoft? The second-to-last paragraph about blocking charges from Microsoft is a bit confusing.
msbill.info's DNS points to the same IP addresses as microsoft.com, and their servers give a specific 301 response for the header "Host: msbill.info", so msbill.info is almost definitely owned and operated by Microsoft. I don't think that confirms that the charges are coming from Microsoft, though.
Perhaps these are just Azure Front Door IP addresses? I don't have another site I can check, but it's possible that these IP addresses are used by lots of websites as part of the Azure infrastructure stack.
I actually did a quick check and most of them didn't show up as Azure, just general MS IPv4 blocks. I would hope MS keeps its own infrastructure separate from the public Azure cloud...