Get all your news in one place.
100's of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Watch out for suspicious Microsoft Azure Monitor alerts – it could be this shifty new callback phishing attack

Microsoft BleepingComputer PayPal
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system.
  • Phishing campaign abuses Microsoft Azure Monitor alerts
  • Fake “suspicious charges” emails bypass protections using legitimate domain
  • Attackers craft alerts with custom messages, similar to past Google Tasks and PayPal abuse

Microsoft Azure Monitor is the latest in the long line of legitimate tools being abused in phishing attacks. If you are used to getting notifications from this platform, be careful, as the emails are quite convincing and relatively difficult to spot.

Microsoft Azure Monitor is a cloud-based service that collects and analyzes data from applications and infrastructure, helping users monitor performance, detect issues, and respond to problems in real time.

In recent times, users have been getting emails directly from this platform, notifying them of “suspicious charges” and “invoice activity”.

Using mailing lists

The emails encourage the recipients to call the phone number provided in the alert, to sort the “problem” out. Many also state that the accounts are temporarily suspended, or that the funds are being placed on hold.

Since they are coming directly from Microsoft Azure Monitor, using a legitimate, trusted domain, these alerts largely bypass email protection services and land directly into people’s inboxes.

But these are not “real” alerts. As explained by BleepingComputer, who’s seen these campaigns in action, anyone can create alerts in Azure Monitor for “easily triggered conditions” such as new orders, payments, generated invoices, and other billing alerts. Whoever creates the alerts can also create the message to be sent in the description field, and that is where the fake warning is usually placed.

Finally, the attackers can set up the alert to be sent out to people on specific mailing lists. In this case, these lists are owned by the attackers, as well.

So, the MO is like this: set up an alert, trigger it, and send the notification to everyone on a predefined mailing list.

It is a simple and effective technique that we’ve seen being used before. In late February, TechRadar Pro reported on a similar campaign abusing Google Tasks, and before that, PayPal.

Via BleepingComputer

Sign up to read this article
Read news from 100's of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
If you're copy-pasting from AI, you aren't learning. Try these "active" shifts instead
Learn how to use AI as a study partner that enhances learning instead of replacing it.
Tom’s Guide
Tom’s Guide
Arnold Schwarzenegger: 'Lucille Ball was like a mother to me'
Arnold Schwarzenegger adored working with Lucille Ball and described her as being "like a mother" to him.
BANG Premier
BANG Premier
As An Old School Red Hot Chili Peppers Fan, The New Netflix Doc Is The Story I Needed To Hear
Fight like a brave!
Cinemablend
Cinemablend
Kansas City cat rescued by firefighters after fleeing vet visit
Kitteh in trouble they were there on the double.
We Got This Covered
We Got This Covered
Woman brought a shower caddy to Costco’s food court, and 2 million people are now reconsidering everything they know about shopping
It’s a simple hack.
We Got This Covered
We Got This Covered
‘Men in women dominated field’: Woman picked the club, thinking it was just a fun first date. Then he scams her twice
"A creative way to have a free night out"
We Got This Covered
We Got This Covered
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.
Download on the AppStore Get it on Google Play