
A phishing scam making the rounds is catching people off guard because the emails aren’t coming from some fake Microsoft lookalike domain.
They’re coming through Microsoft Azure itself.
For businesses that use Azure, that matters. Azure Monitor is a legitimate Microsoft service that sends alerts about account activity, billing events, system performance, and other issues. Most IT teams see these notifications regularly, so an alert landing in your inbox doesn’t automatically seem suspicious.
That’s exactly what scammers are counting on.
The emails often claim there’s a billing problem, an unexpected charge, suspicious account activity, or even that your account has been suspended. The goal is usually the same: get you to call a phone number listed in the message.
And that’s where things go sideways.
What’s interesting about this scam is that the email can actually be delivered through Microsoft’s own alerting system. It isn’t a traditional spoofed email pretending to be Microsoft. When someone checks the sender, it may very well appear to be a legitimate Microsoft service.
Attackers are abusing Azure Monitor’s alerting features to do it.
Azure allows users to create alerts based on specific events. Whoever creates the alert can also customize the notification that’s sent out. Criminals have figured out they can create simple alerts, write their own alarming message, and distribute those notifications to large lists of email addresses.
The result is a message that looks far more trustworthy than the average phishing attempt.
We’ve seen variations of this before. A few years ago, scammers were doing similar things with PayPal invoices and Google services. The delivery platform changes, but the idea stays the same: use a service people already trust and let that service do the hard work of getting the message past spam filters.
If you’re a business owner, imagine this scenario.
Your office manager receives an email that appears to come from Microsoft. It mentions a charge your company doesn’t recognize and includes a phone number to call immediately. They’re busy, they’re trying to solve a problem, and the email looks legitimate. That’s often all it takes.
If you receive one of these alerts, don’t use any phone number listed in the message. Instead, open your browser and go directly to your Azure portal. If there’s a genuine billing issue or account problem, you’ll see it there.
If you’re not sure what you’re looking at, send the message to your IT provider before responding.
One thing we’ve noticed over the past few years is that many phishing emails aren’t getting more technically sophisticated. They’re getting more believable. The grammar is better. The formatting looks professional. And increasingly, they’re being delivered through systems people already know and trust.
That’s why a healthy dose of skepticism is still one of the best security tools your business has.
Share this post


