Microsoft’s Azure Cloud is being actively exploited by hundreds of phishing websites, disguised as tech support.
Using the azurewebsites.net domain name amongst many; the scammers notify users that their device is infected with malware. They offer to “remove the virus” after provision of money.
Microsoft currently offer free accounts for 12 months, with $280 credit for all services used within 30 days. Scammers take advantage of a transport layer security digital certificate, so they’re able to authenticate websites for free.
When this issue was addressed in a tweet by MalwareHunterTeam, Microsoft simply responded that they should “report this scenario with our team”.
— MalwareHunterTeam (@malwrhunterteam) May 10, 2019
Whilst reported websites are reviewed and taken down, the issue has been ongoing since 2014; with scammers targeting Apple, PayPal, American Express and Comcast. In a bid to reduce cybercrime, Google has completely banned third-party tech support ads all together. This may be something that Microsoft should consider to secure their free webhosting service.