Microsoft Azure Monitor alerts are being abused to send callback phishing emails that impersonate warnings from the Microsoft Security Team about unauthorized charges on your account.
Azure Monitor is Microsoft's cloud-based monitoring service that collects and analyzes data from Azure resources, applications, and infrastructure. It enables users to track performance, receive notifications about billing changes, detect issues, and trigger alerts based on various conditions.
Over the past month, numerous people have reported receiving Azure Monitor alerts warning of suspicious charges or invoice activity on their accounts, urging them to call an enclosed phone number.
"Alert rule description MICROSOFT CORPORATION BILLING AND ACCOUNT SECURITY NOTICE (REF: MS-FRA-6673829-KP). Our system has detected a potentially unauthorized charge on your account. Transaction Details: Merchant: Windows Defender. Transaction ID: PP456-887A-22B. Amount: 389.90 USD. Date: 03/05/2026l," reads the fake billing alert.
"For your protection, this transaction has been temporarily placed on hold by our Fraud Detection Team. To prevent possible account suspension or additional fees, please verify this transaction immediately. If you did NOT authorize this payment, contact our 24/7 Microsoft Account Security Support at +1 (864) 347-2494 or +1 (864) 347-4846."
"We apologize for any inconvenience and appreciate your prompt response. Microsoft Account Security Team."
Image: Microsoft Azure Monitor alert used in a callback phishing scam (Source: BleepingComputer)
Unlike other phishing campaigns, these messages are not spoofed, but are sent directly by the Microsoft Azure Monitor platform using the legitimate [email protected] email address.
As the emails are sent through Microsoft's legitimate email platforms, they pass SPF, DKIM, and DMARC email security checks, making them appear more trustworthy.
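Because these alerts pass SPF, DKIM, and DMARC, a filter has to inspect the attacker-written alert description rather than the sender. The sketch below is an added example, not code from BleepingComputer or Microsoft; the phrase list, the phone-number pattern, the sender address, the host name and the 555 number are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# NANP-style phone numbers such as "+1 (555) 010-0199"
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
# Billing-lure phrases taken from the alert text quoted in the article
LURES = ("unauthorized charge", "account suspension",
         "verify this transaction", "did not authorize")
MARKER = "alert rule description"  # field that carries the attacker-written text

def auth_passes(msg):
    """True when SPF, DKIM and DMARC all report pass."""
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    return all(f"{check}=pass" in results for check in ("spf", "dkim", "dmarc"))

def assess(raw):
    """Score one raw message; only text parts are inspected."""
    msg = message_from_string(raw)
    body = "\n".join(part.get_payload() for part in msg.walk()
                     if part.get_content_maintype() == "text")
    start = body.lower().find(MARKER)
    description = body[start:] if start >= 0 else ""
    lures = [p for p in LURES if p in description.lower()]
    phones = PHONE_RE.findall(description)
    return {"auth_pass": auth_passes(msg), "lures": lures, "phones": phones,
            # A monitoring alert has no reason to carry a support hotline.
            "suspicious": bool(phones) and bool(lures)}

# Constructed samples: placeholder sender and host, reserved 555 number.
PHISH = """\
From: alerts@platform.example
Authentication-Results: mx.example; spf=pass; dkim=pass; dmarc=pass
Subject: Azure Monitor alert

Alert rule description MICROSOFT CORPORATION BILLING AND ACCOUNT SECURITY
NOTICE. Our system has detected a potentially unauthorized charge on your
account. If you did NOT authorize this payment, contact support at
+1 (555) 010-0199.
"""
BENIGN = """\
From: alerts@platform.example
Authentication-Results: mx.example; spf=pass; dkim=pass; dmarc=pass
Subject: Azure Monitor alert

Alert rule description CPU percentage above 80 on vm-web-01 for 5 minutes.
"""

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("benign", BENIGN)):
        print(name, assess(raw))
```

Both samples pass authentication, so only the combination of a phone number and billing-lure wording in the description separates them.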