Microsoft Azure Monitor alerts abused in callback phishing campaigns
Summary
Threat actors are leveraging Microsoft Azure Monitor alerts to conduct callback phishing campaigns. These phishing emails mimic genuine security notifications, warning recipients of unauthorized charges and prompting them to call a fraudulent number to "resolve" the issue.
IFF Assessment
FOE
This is bad news for defenders as it represents a novel and potentially effective phishing tactic that exploits a trusted cloud service's notification system.
Defender Context
Defenders should be aware of this evolving phishing tactic that impersonates legitimate cloud service alerts. It's crucial to educate users about the potential for these sophisticated social engineering attacks and to monitor for unusual outbound communications originating from cloud monitoring services.