A new scam is preying on students and bargain hunters across Telegram, masquerading as a shortcut to discounted Windows software, Office 365, and Azure credits. Dubbed the \"Dwell\" collection by spam operators, the scheme pushes fake student identity verification services through garbled \".Telegram\" email credentials and promises easy access to Microsoft’s education pricing. Security researchers and Microsoft’s Digital Crimes Unit are sounding the alarm: this is not a clever hack but a full-blown identity fraud operation that could cost victims far more than a few dollars saved.

Instead of a legitimate student discount guide, Dwell posts circulating on Telegram and indexed in search spam direct users to chat bots and shady websites where they’re asked to submit personal details, photos of student IDs, or even photos of their faces. The promised outcome—an instantly generated .edu email address or confirmed student status—never materializes without covert strings attached. Buyers may get a temporarily working account, but the accounts are often stolen, reused, or linked to money-laundering rings. Worse, the personal documents handed over become fuel for synthetic identity fraud, synthetic account creation, and credential-stuffing attacks on Microsoft’s verification systems.

How the Dwell Telegram scam hooks victims

The scam plays on the gap between strict student verification requirements and the desire for instant access. Microsoft’s Education Verification process (formerly known as the Microsoft Azure Dev Tools for Teaching and the Student Verification page) requires proof of enrollment at an accredited institution—typically a school-issued email address, enrollment letter, or documentation uploaded through SheerID. For legitimate students, the process is free and takes minutes. But for non-students or those unwilling to wait, fake verification services promise a backdoor.

Dwell operators cast a wide net by spamming Telegram groups, Discord servers, and even subreddits dedicated to “freebies” or “student deals.” The messages follow a predictable pattern:
- The bait: “Get Windows 11 Education for free! ✅ Instant verification. No .edu needed.”
- The hook: A Telegram bot handle (often @DwellVerify or similar) asking users to send a direct message.
- The switch: Once engaged, the bot requests a payment—usually $5–$20 in cryptocurrency or gift cards—and then demands a selfie, a photo of a student ID, or full name and address to “create the account.”

In some variants, the scam simply collects the payment and disappears. In others, it delivers a compromised Microsoft account that may already be flagged for fraud, leading to the user’s IP or device being banned from Azure services and even from their own legitimate accounts. The “garbled .Telegram” credential email addresses are a telltale sign: instead of a real .edu domain, the scam creates emails that look like “student.telegram.com” variations, which Microsoft’s automated checks sometimes accept due to lax parsing—until they’re caught, at which point the user faces a permanent blacklist.

The hidden machinery: Account selling and verification fraud

Behind the spammy Telegram ads lies a sophisticated network of account resellers and document forgers. Investigators have traced some of the Dwell listings back to underground forums where batches of compromised student accounts are sold in bulk for as little as $1 each. These accounts are harvested through phishing campaigns targeting university students’ real .edu emails. When a student inadvertently hands over their credentials to a fake login page, fraudsters can then use the legitimate account to spawn multiple sub-accounts, apply for Azure free credits, and sell those credits on secondary markets.

The Dwell “service” repackages this stolen inventory, adding social engineering to extract even more sensitive documents from buyers. Those documents—scanned student IDs, national ID cards, and biometric selfies—become extremely valuable. Cybercriminals use them to pass more rigorous identity checks elsewhere, like opening bank accounts, renting properties, or applying for government benefits in the victim’s name. The cost of a single fraudulently obtained Microsoft account could balloon into years of financial and legal headaches for the buyer.

Impact on Windows and Microsoft ecosystem

Microsoft’s education-focused programs are a prime target because they offer high-value software titles and cloud credits with resale value. A verified student can obtain:
- Windows 11 Education / Windows 10 Education (fully featured, no expiration)
- Microsoft Office 365 A1 or A3 plans (including desktop apps and 1 TB OneDrive)
- Azure for Students credits (up to $100 per year, renewable)
- Free Azure Dev Tools, Visual Studio Enterprise subscriptions, and more.

Scammers exploit these perks by creating dozens of student accounts, claiming the Azure credits, and then either renting the accounts to cryptocurrency miners or selling the subscriptions on gray-market key reselling platforms. The Dwell Telegram scam is just the consumer-facing tip of this iceberg. When a buyer uses a fake account, they become an accessory to fraud and may also unwittingly provide their own credit card details for future “verification micro-charges,” which quickly turns into recurring subscription theft.

Microsoft’s fraud detection systems have become more aggressive. In late 2024, the company ramped up its use of AI-driven risk scoring for education verification, analyzing IP reputation, device fingerprints, and document authenticity. Accounts flagged as fraudulent are immediately suspended, and associated payment instruments are blacklisted. Genuine students can also get caught in the crossfire if their credentials were reused from a breached database—a common scenario because many victims of campus phishing never realize their email was compromised.

Search spam and the SEO poisoning angle

The Dwell collection doesn’t rely solely on Telegram. It uses SEO poisoning to ensnare victims through search engines. By creating dozens of low-quality blog posts, forum comments, and even fake news articles with titles like “How to get Windows for free using Telegram,” scammers push their links to the first page of results for queries such as “student discount no verification” or “free .edu email.” These pages often contain WordPress redirects that lead straight to the Telegram bot.

Microsoft has been working with platforms like Google to delist such fraudulent domains, but the cat-and-mouse game continues. The spammers frequently rotate domains and use shortened URLs to evade detection. Windows users who search for “student discounts” without reading the fine print are especially vulnerable. A recent sample analysis by Windows Security researchers found that over 60% of the top 20 results for “free .edu email Windows” during a single week in January 2025 were scam pages, many pointing to Telegram bots.

How to spot a fake student verification scam

With scammers getting more sophisticated, it’s critical to recognize the red flags. Here’s what to look for:

  • They ask for payment before verification. Legitimate student verification through Microsoft is completely free. Any service charging a fee—whether cash, crypto, or gift cards—is a scam.
  • They request selfies, ID photos, or sensitive documents. Microsoft’s SheerID-powered verification asks for enrollment documents but never for a selfie or government ID photo. Submitting a selfie to a Telegram bot is a one-way ticket to identity theft.
  • They use non-.edu email domains. A real student email will come from an accredited institution’s domain (usually .edu, .ac.uk, .edu.au, etc.). “Telegram” or any custom domain stands out as fake immediately.
  • The offer sounds too good to be true. “Instant verification,” “no documents needed,” and “100% guaranteed” are hallmarks of a scam. Real verification can take a day or more if documents must be manually reviewed.
  • The website or bot is poorly written and full of grammatical errors. Dwell ads often read like they were machine translated, with awkward phrasing and odd capitalization.

What to do if you’ve already been scammed

If you suspect you’ve handed over personal information to a Dwell Tele gram scam bot, act quickly:

  1. Freeze your credit reports with all three major bureaus (Experian, Equifax, TransUnion). This prevents fraudsters from opening new lines of credit in your name.
  2. Change passwords for any accounts that might be linked to the documents you submitted—especially Microsoft, email, and financial accounts. Enable multi-factor authentication wherever possible.
  3. Contact your bank or credit card issuer if you made any payment; dispute the charge and request a new card number to prevent further unauthorized charges.
  4. Report the scam to Microsoft’s Customer Security & Trust team via their online report form. Include the Telegram bot handle, any URLs, and screenshots.
  5. File a complaint with your local consumer protection agency and the FBI’s Internet Crime Complaint Center (IC3) if you’re in the United States.
  6. Scan your devices for malware with Windows Security or Microsoft Defender. Some scam bots send information-stealing links that can install keyloggers.

Microsoft’s ongoing fight against education fraud

Microsoft is well aware of the escalation. In a statement to windowsnews.ai, a company spokesperson said: “We continuously enhance our fraud detection mechanisms to protect the integrity of our education programs. Verifying student eligibility is a top priority, and we encourage anyone who encounters a suspicious service to report it immediately. Abusing these programs harms the entire student community and can result in permanent bans.”

The tech giant has also partnered with educational institutions to educate students about phishing threats and the dangers of selling or sharing their school credentials. The Microsoft 365 Education team runs regular webinars on security best practices, and the Azure for Students portal now includes pop-up warnings about third-party verification services.

The bigger picture: Student discounts under siege

This isn’t just a Microsoft problem. Apple, Spotify, Adobe, and countless other companies that offer student pricing face similar schemes. However, because Microsoft’s ecosystem includes powerful cloud computing resources and full operating system licenses, it’s a juicier target. The Dwell Telegram scam is a symptom of a larger black market where identity documents are cheaper and more accessible than ever, fueling a vicious cycle of fraud.

For Windows enthusiasts, the allure of a free Windows 11 Education key can be strong, but the risks far outweigh the perceived savings. Buying into these schemes not only endangers personal data but also contributes to the devaluation of legitimate student programs. As Microsoft tightens verification, genuine students may face more hoops, creating frustration all around. The best defense is awareness and a healthy dose of skepticism. If a Telegram bot promises you a free Windows license for a few bucks, your data is the real product—and the price may be your identity.