There’s a new type of scam doing the rounds… and this one’s a little more convincing than most.
It looks like a genuine alert from Microsoft Azure Monitor.
It comes from a real Microsoft domain, and it lands in your inbox without being flagged as suspicious.
That’s why it’s catching people out.
Azure Monitor is a tool businesses use to keep an eye on their systems.
It tracks performance, spots problems, and sends alerts when something needs attention.
If you’re running cloud services, especially in Microsoft Azure, these kinds of notifications are completely normal.
So, when an email arrives saying there’s a billing issue, suspicious activity, or a problem with your account, it doesn’t immediately raise alarm bells.
That’s where the problem starts.
These scam emails are designed to look urgent.
They might mention unexpected charges, invoices you don’t recognize, or even say your account has been suspended.
Then they push you to act quickly, usually by calling a phone number to “resolve” the issue.
The email itself can be genuinely sent through Azure Monitor.
That means it isn’t spoofed in the usual way.
It’s not pretending to be Microsoft. It’s using Microsoft’s own system to deliver the message. And because of that, many email security tools let it through without question.
Azure Monitor allows users to create alerts based on certain triggers. For example, a new invoice being generated or activity on an account.
Whoever sets up the alert can also customize the message that gets sent out.
Attackers are taking advantage of this.
They create alerts with very basic triggers, write their own warning message (which looks like a billing issue), and then send it out to mailing lists they control.
The result is a convincing, legitimate-looking email. It’s simple and it works.
We’ve seen similar tactics before using other trusted platforms like PayPal and Google tools.
The pattern is the same: Take a service people already trust and use it as the delivery method for the scam.
If you receive one of these alerts, pause.
That’s the most important step.
If an email is pushing you to act urgently, especially to call a number or share information, take a moment to verify it properly.
Go directly to your Azure account through your browser (not via any links in the email) and check for alerts there.
If there’s a real issue, it will show up inside your account.
And if you’re not sure, ask your IT support provider to check before you do anything.
This is a good reminder of how phishing attacks are evolving. It’s no longer badly written emails with obvious spelling mistakes. Some of these messages are polished, well-timed, and delivered through trusted systems.
Awareness is more important than ever.
If you’re not completely confident your team would spot something like this, we can help. Get in touch.