Watch out for suspicious Microsoft Azure Monitor alerts – it could be this shifty new callback phishing attack
- Phishing campaign abuses Microsoft Azure Monitor alerts
- Fake “suspicious charges” emails bypass protections using legitimate domain
- Attackers craft alerts with custom messages, similar to past Google Tasks and PayPal abuse
Microsoft Azure Monitor is the latest in a long line of legitimate tools being abused in phishing attacks. If you are used to getting notifications from this platform, be careful, as the emails are quite convincing and relatively difficult to spot.
Microsoft Azure Monitor is a cloud-based service that collects and analyzes data from applications and infrastructure, helping users monitor performance, detect issues, and respond to problems in real time.
In recent times, users have been getting emails directly from this platform, notifying them of “suspicious charges” and “invoice activity”.
Using mailing lists
The emails encourage the recipients to call the phone number provided in the alert, to sort the “problem” out. Many also state that the accounts are temporarily suspended, or that the funds are being placed on hold.
Since they are coming directly from Microsoft Azure Monitor, using a legitimate, trusted domain, these alerts largely bypass email protection services and land directly in people’s inboxes.
But these are not “real” alerts. As explained by BleepingComputer, which has seen these campaigns in action, anyone can create alerts in Azure Monitor for “easily triggered conditions” such as new orders, payments, generated invoices, and other billing alerts. Whoever creates the alert can also write the message sent in the description field, and that is where the fake warning is usually placed.
Finally, the attackers can set up the alert to be sent to people on specific mailing lists. In this case, the attackers own these lists as well.
So, the MO is like this: set up an alert, trigger it, and send the notification to everyone on a predefined mailing list.
It is a simple and effective technique that we’ve seen being used before. In late February, TechRadar Pro reported on a similar campaign abusing Google Tasks, and before that, PayPal.
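A defender-side triage check for the pattern described above, as an added example that is not from the article or from Microsoft: because the sender domain is legitimate, it inspects the alert's free-text description for a phone number combined with billing-lure wording and a request to call. The sender domain, keyword list, regexes and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumption: alert mail arrives from this domain; set it to what your mail logs show.
TRUSTED_SENDER_DOMAIN = "microsoft.com"
# Billing and urgency wording of the kind the article reports in the fake alerts.
LURE_TERMS = ("suspicious charge", "invoice", "suspended", "on hold", "payment")
# Loose North American style phone pattern, e.g. +1 (555) 010-0199.
PHONE_RE = re.compile(r"(?<![\w.])\+?\d{0,3}[\s.-]?\(?\d{3}\)?[\s.-]\d{3}[\s.-]\d{4}(?!\d)")
CALL_RE = re.compile(r"\b(?:call|dial|phone)\b", re.I)

def assess(raw_message: str) -> dict:
    """Flag alert mail whose free-text body carries a callback lure."""
    msg = message_from_string(raw_message, policy=policy.default)
    sender = parseaddr(str(msg["From"]))[1].lower()
    part = msg.get_body(preferencelist=("plain", "html"))
    text = part.get_content() if part is not None else ""
    lures = [t for t in LURE_TERMS if t in text.lower()]
    phones = [p.strip() for p in PHONE_RE.findall(text)]
    return {
        # A trusted sender is exactly why domain-based filtering lets this through.
        "trusted_sender": sender.endswith("@" + TRUSTED_SENDER_DOMAIN),
        "phones": phones,
        "lures": lures,
        # Genuine metric alerts do not ask the reader to phone anyone about billing.
        "suspicious": bool(phones and lures and CALL_RE.search(text)),
    }

# Constructed sample messages (addresses, text and phone number are made up).
HEADERS = "From: Azure <noreply@microsoft.com>\nContent-Type: text/plain\n"
PHISH = HEADERS + "Subject: Alert fired\n\nDescription: Suspicious charges detected. " \
    "Your account is temporarily suspended. Call +1 (555) 010-0199 to resolve.\n"
BENIGN = HEADERS + "Subject: Alert fired\n\nDescription: CPU on vm-web-01 exceeded 90 percent.\n"

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("benign", BENIGN)):
        print(name, assess(raw))
```

Messages that come back with both `trusted_sender` and `suspicious` set are the ones sender-reputation filtering will not catch, so they are worth routing to quarantine or analyst review.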
Via BleepingComputer
