Microsoft’s Azure Cloud is being actively exploited by hundreds of phishing websites, disguised as tech support.

Using the azurewebsites.net domain name amongst many; the scammers notify users that their device is infected with malware.  They offer to “remove the virus” after provision of money.

Microsoft currently offer free accounts for 12 months, with $280 credit for all services used within 30 days.  Scammers take advantage of a transport layer security digital certificate, so they’re able to authenticate websites for free.

When this issue was addressed in a tweet by MalwareHunterTeam, Microsoft simply responded  that they should “report this scenario with our team”.

Whilst reported websites are reviewed and taken down, the issue has been ongoing since 2014; with scammers targeting Apple, PayPal, American Express and Comcast.  In a bid to reduce cybercrime, Google has completely banned third-party tech support ads all together.  This may be something that Microsoft should consider to secure their free webhosting service.

Source: itnews

Comments