Watch out for suspicious Microsoft Azure Monitor alerts – it could be this shifty new callback phishing attack

No, Azure Monitor did not just notify you

News By Sead Fadilpašić published 23 March 2026

• Copy link
• Facebook
• X
• Whatsapp
• Reddit
• Pinterest
• Flipboard
• Threads
• Email

Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter

Get the TechRadar Newsletter

Sign up for breaking news, reviews, opinion, top tech deals, and more.

Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors

By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

You are now subscribed

Your newsletter sign-up was successful

An account already exists for this email address, please log in. Subscribe to our newsletter

• Phishing campaign abuses Microsoft Azure Monitor alerts
• Fake “suspicious charges” emails bypass protections using legitimate domain
• Attackers craft alerts with custom messages, similar to past Google Tasks and PayPal abuse

Microsoft Azure Monitor is the latest in the long line of legitimate tools being abused in phishing attacks. If you are used to getting notifications from this platform, be careful, as the emails are quite convincing and relatively difficult to spot.

Microsoft Azure Monitor is a cloud-based service that collects and analyzes data from applications and infrastructure, helping users monitor performance, detect issues, and respond to problems in real time.

In recent times, users have been getting emails directly from this platform, notifying them of “suspicious charges” and “invoice activity”.

Article continues below

Using mailing lists

The emails encourage the recipients to call the phone number provided in the alert, to sort the “problem” out. Many also state that the accounts are temporarily suspended, or that the funds are being placed on hold.

Since they are coming directly from Microsoft Azure Monitor, using a legitimate, trusted domain, these alerts largely bypass email protection services and land directly into people’s inboxes.

But these are not “real” alerts. As explained by BleepingComputer, who’s seen these campaigns in action, anyone can create alerts in Azure Monitor for “easily triggered conditions” such as new orders, payments, generated invoices, and other billing alerts. Whoever creates the alerts can also create the message to be sent in the description field, and that is where the fake warning is usually placed.

Finally, the attackers can set up the alert to be sent out to people on specific mailing lists. In this case, these lists are owned by the attackers, as well.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsors