Share via

Reported phishing websites that violate blob storage service but no feedback

and206pp 6 Reputation points
2022-11-09T03:16:12.787+00:00

Hi, I reported a phishing page with the URL: hXXps://sfpresswest-secondary.z28.web[.]core.windows.net/ several times in the last few months via the "Submit Abuse Report(CERT)" portal (https://msrc.microsoft.com/report/abuse)

But all I got is an email saying "case closure" and no a single time receive any solid response.

blob storage has been used for phishing activities for a while, if you give it a search on google you will find so many people discussing phishing websites hosted on blob storage service with the domain "window.net".

Is there any effective way I can submitted this case to Microsoft and actually get there attention and have the phishing websites that target my organization removed?

Thanks.

Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,639 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sumarigo-MSFT 45,416 Reputation points Microsoft Employee
    2022-11-09T08:38:53.6+00:00

    @and206pp Welcome to Microsoft Q&A Forum, Thank you for posting your query here.

    Microsoft has a variety of specialized teams to protect the security and privacy of our customers. Our Fraud and Abuse teams work 24/7 and are dedicated to investigating and remediating violations of Azure’s Terms of Use. The use of Azure resources for malicious purposes is explicitly against Azure’s Terms of Use, and Microsoft takes action against accounts found to be in violation of these terms.

    Through systems such as Microsoft SmartScreen and Office 365 Advanced Threat Protection, Microsoft actively collects, analyzes, and protects customers from unsafe links and attachments. Microsoft uses these systems, along with industry-wide cybersecurity threat information sharing programs, extensive automation, and machine learning systems to proactively detect, identify, and fight abuses of Azure resources.

    Microsoft partner and end-user signals are also another vital data source for our security teams. If you have a site or URL you wish to report as unsafe, please visit: https://www.microsoft.com/en-us/wdsi/support/report-unsafe-site. To report cyberattacks or abuse originating from Microsoft Online Services, such as Microsoft Azure, Bing, Outlook, One Drive, or Office 365,

    >Please visit: https://portal.msrc.microsoft.com/en-us/engage/cars.

    In addition to the Fraud and Abuse team, Microsoft’s Digital Crimes Unit (DCU) is leading the fight against cybercrime, partnering with local and global law enforcement agencies, security firms, researchers, NGOs, and customers in order to take swift action to combat cybercrime worldwide. The DCU uses advanced analytics and artificial intelligence to identify, investigate, disrupt and dismantle sophisticated online criminal networks.

    You can keep informed about Microsoft’s latest cybersecurity efforts by subscribing to Microsoft On the Issues.

    If you have any additional questions or need further clarification, please let me know.

    Please do not forget to 258625-accept-answer.png and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.