This is the notifications bar Test link >>

Articles, Uncategorized

New Threat: Microsoft Azure Custom Domains

Attackers are leveraging Microsoft Azure custom domains to create phishing and malware links that are difficult to spot.

Photo of a building interior with large Microsoft logo
Photo by Franck V. on Unsplash

One of the first things we tell people to do when they get a suspicious email or link is to make sure it’s a legitimate domain. But with attackers exploiting Microsoft Azure’s Custom Domain Name feature, it’s harder than ever to be sure.

Microsoft offers users the ability to configure a custom domain name for their Azure storage accounts, and cyber attackers are taking advantage. Attackers have begun to create realistic custom URLs to host their phishing sites—often sent using Microsoft’s web servers—that look like a legitimate Microsoft login page.

Attackers send realistic-looking emails (Update your info! Log in to read this important alert! Click here to get your voicemails! Sign in to update your payment info!) that include a link to log into your Microsoft account. The link uses an actual Microsoft domain, such as “web.core.windows.net”, “blob.core.windows.net,” or “.azurewebsites.net”.

They look so legitimate, we almost fell for it ourselves.

Once you click the link, you’re brought to a page that mimics the Microsoft login portal. It steals the emails and passwords entered in and uploads them to an external compromise site.

AppRiver conducted an investigation, and found 284 emails exposed, along with their geolocation data. And since many users attempted to log in using several different passwords, hackers now have visibility into the passwords they might use for other accounts.

What can you do?

  1. Turn on two-factor authentication for all your accounts!
  2. Take no action. You’re always safe if you don’t click suspicious links or attachments.
  3. If it’s an email you’ve never received before or that seems strange, don’t click or enter your login credentials, even if it seems urgent. Instead, ask your IT team if it’s legitimate.
  4. Instead of using a link from an email to log into your account, open up a browser and log in from a known, trusted website (e.g. portal.office.com).
  5. And lastly, if you think your account information has been compromised, CHANGE YOUR PASSWORDS.

Best of luck!

Related Resources

Close-up photo of a glass door that says

Hackers Using LinkedIn to Spread Malware

Attackers posing as recruiters on LinkedIn are conducting a social engineering scam using potential job openings as bait.

Learn More
Two clear, long-stemmed martini glasses on a table with a plate of green olives.

Everything You Need to Know About the Spectre + Meltdown Vulnerabilities

Two recently discovered vulnerabilities, dubbed Spectre and Meltdown, are not the James Bond villains their names suggest. But they are very serious vulnerabilities that organizations should address ASAP.

Learn More
Close up photo of a WiFi module on a computer motherboard

Everything You Need to Know About the Krack WiFi Vulnerability

Learn More