- Phishing campaign abuses Microsoft Azure Monitor alerts
- Fake “suspicious charges” emails bypass protections by using a legitimate domain
- Attackers create alerts with personalized messages, similar to past abuses of Google Tasks and PayPal.
Microsoft Azure Monitor is the latest in a long line of legitimate tools exploited in phishing attacks. If you are used to receiving notifications from this platform, be careful, as the emails are quite convincing and relatively difficult to spot.
Microsoft Azure Monitor is a cloud-based service that collects and analyzes application and infrastructure data, helping users monitor performance, detect issues, and respond to them in real time.
Lately, users are receiving emails directly from this platform, informing them of “suspicious charges” and “billing activities”.
Article continues below
Use mailing lists
The emails encourage recipients to call the phone number provided in the alert, to resolve the “problem.” Many also report that accounts are temporarily suspended or funds are placed on hold.
Since they come directly from Microsoft Azure Monitor, using a legitimate and trusted domain, these alerts largely bypass email protection services and land directly in users’ inboxes.
But these are not “real” alerts. As BleepingComputer, which has seen these campaigns in action, explains, anyone can create alerts in Azure Monitor for “easily triggered conditions” like new orders, payments, generated invoices, and other billing alerts. Whoever creates the alerts can also create the message to be sent in the description field, and this is where the fake warning is usually placed.
Finally, attackers can configure the alert to be sent to people on specific mailing lists. In this case, these lists also belong to the attackers.
So the MO is: set up an alert, trigger it, and send the notification to everyone on a predefined mailing list.
It’s a simple and effective technique that we’ve seen used before. In late February, TechRadar Pro reported a similar campaign abusing Google Tasks and, before that, PayPal.
Via BeepComputer
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
