Microsoft Azure infrastructure hijacked to send phishing alerts
Impersonating: Microsoft
What is this scam?
A sophisticated phishing campaign abuses legitimate Microsoft Azure infrastructure: attackers create Azure accounts, configure automated alert rules, and add victim email addresses as recipients, causing genuine Microsoft system emails to land in inboxes. Because the messages originate from real Microsoft servers they bypass spam filters and carry no obvious signs of spoofing, making them exceptionally difficult to identify as fraudulent without inspecting the embedded links.
Example scam message
Microsoft Azure: An automated alert has been triggered on your subscription. Immediate action is required to prevent service interruption. Verify your account now: azure-account-verify.xyz/login
Red flags to look out for
- The email appears to come from a legitimate Microsoft address but contains a link to a non-Microsoft domain.
- Microsoft never asks you to verify account details via an alert email link — log in directly at portal.azure.com.
- The message creates urgency around account suspension or service interruption.
- Even if you don't have an Azure subscription, you may still receive this — it's sent broadly.
What to do if you receive this
- Do not click any links in the email.
- Go directly to portal.azure.com or account.microsoft.com to check your account status.
- Forward the email to report@phishing.gov.uk.
- Report it to Action Fraud at actionfraud.police.uk.
Received this message?
Forward it to 7726 (free on all UK networks) to report it to your mobile provider.
You can also report it to Action Fraud
or email the NCSC at report@phishing.gov.uk.
Not sure if your message is a scam?
Check it instantly with our free AI-powered detector.
Check a message nowSource: Action Fraud