TL;DR: A new phishing scam is exploiting Azure Monitor, a legitimate Microsoft tool, to send real emails from a real Microsoft domain that pass straight through your spam filters. The emails warn of billing problems or suspicious account activity and push you to call a number urgently. Because the email genuinely comes from Microsoft's own infrastructure, most security tools won't flag it. If you get one, don't click or call. Log into Azure directly through your browser and check, or ask your IT provider to verify it first.
___________________
We've covered plenty of phishing scams over the years, but this one deserves your full attention. It's not relying on a dodgy-looking link or a poorly disguised sender address. It's using a genuine Microsoft tool to deliver a genuinely real email, which is exactly why it's catching people out.
What's actually happening
Azure Monitor is a legitimate part of the Microsoft Azure ecosystem. Businesses running cloud infrastructure use it to track performance and get notified the moment something needs attention, an unexpected spike in usage, a service going down, that kind of thing.
The feature being exploited is the ability to customise what an alert says and who it goes to. Azure Monitor lets account holders set a trigger (say, a new invoice being generated) and then write their own message to go with it.
Scammers have worked out they can set up a basic trigger, write a fake billing or security warning, and fire it out to mailing lists they control. Because the email is sent through Azure Monitor's actual infrastructure, it isn't spoofed. It's not pretending to be from Microsoft. It genuinely is from Microsoft's systems, just with a fraudulent message sat inside it. That's precisely why so many spam filters wave it through.
Not sure where to start?
Let's talk it through.
A quick, no-obligation call with our team.
No pitch, just answers.
Why this one's harder to spot
The email usually mentions something urgent, an unrecognised invoice, a flagged security issue, a suspended account, and tells you to call a number to sort it out. The pressure is the point. Act now, call this number, fix this immediately.
If your business uses Azure day to day, getting an alert email isn't unusual. That familiarity is exactly what makes this scam work. You're not looking at a clumsy fake. You're looking at a real notification system being used against you.
We've seen the same approach before with other trusted platforms, PayPal and Google among them. Borrow a service people already trust, and use it as the delivery van for the scam.
What to do if one lands in your inbox
Stop before you act. That's the single most useful thing you can do here.
Don't call any number listed in the email. Don't click through. Instead, open a new browser tab, go to your Azure account directly, and check for alerts from there. If there's a genuine issue, it'll be sitting in your account waiting for you. If you can't see anything matching what the email described, you've got your answer.
Still not sure? Get your IT support provider to check it before you do anything else. That's a five minute job for us and considerably less stressful than calling a number that turns out to belong to someone in another country entirely.
The bigger picture
Phishing has moved well past obvious spelling mistakes and clumsy formatting. These days some of these emails are polished, well-timed, and arrive through systems you already trust. That's a harder thing to train people to spot, because the usual red flags aren't there.
Would your team know to pause and verify rather than pick up the phone? If you're not confident in the answer, that's worth fixing before it becomes a problem rather than after. Get in touch and we'll help you find out.