Microsoft Azure Monitor alerts are being abused by cybercriminals to conduct callback phishing attacks that impersonate warnings from the Microsoft Security Team about unauthorized charges on user accounts. The attackers exploit Azure Monitor's legitimate alerting system to send emails that appear to come from Microsoft's official infrastructure.
The phishing campaign leverages the trust associated with genuine Azure Monitor notifications to bypass email security filters and increase victim credibility. These emails typically warn recipients about suspicious account activity or unauthorized charges, prompting them to call a provided phone number for immediate assistance.