Where do I report phishing attempts?

Paul Hein 25 Reputation points
2024-01-02T15:31:50.46+00:00

I received a targeted phishing attempt from an azurecomm.net service (see some header samples below) I could not find anywhere to really report these, they appear to be using 365 servers and I don't really know where to report that either.

How are these being reported or investigated? I changed the target email to "targeted user" for obvious reasons.

Authentication-Results: ppe-hosted.com; spf=pass
 smtp.mailfrom=519f57be-f4ea-4422-b984-75860a220e71.us1.azurecomm.net;
 dkim=pass header.d=azurecomm.net header.s=selector1-azurecomm-prod-net;
 dmarc=pass header.from=519f57be-f4ea-4422-b984-75860a220e71.us1.azurecomm.net
 header.policy=none; 
X-Virus-Scanned: Proofpoint Essentials engine
Received: from NAM11-BN8-obe.outbound.protection.outlook.com (mail-bn8nam11acsn2176.outbound.protection.outlook.com [104.47.58.176])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mx1-us1.ppe-hosted.com (PPE Hosted ESMTP Server) with ESMTPS id 30B6190006E
	for <targeted user>; Tue,  2 Jan 2024 12:27:28 +0000 (UTC)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=Yb11szuEBqB8zrKaXnesRa9kSWiOGmycFvMkqGgVUQaOGvFwT6k7WJnNEZ6LOk1wLCOBEMuFnWZFLBkhhXK+Usk1Nn2gna3YXO3X7d5D8pA7Pz7XdMZAfZi4P+LzJ7UjWIo1jGNuWlQ1nm4pUt5nNbR8Kea0HFGfJ+o7o5R3/oT7zF2sJ/3kEiB4o+ej6BhGdasdT1ftxuROlY2WFxwi8EK36U3/dCGb0D9xmje/sC1NxbebETuF3UQydrfZRaLG/mgh7LltIhUhbiV7UKt8hj/5OSSvhS6oZ/YCfYNnx5M5GkmLxZGpYVcRrIrrw9synWqzhzipEFoP479Excv5Nw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=pffiV0hB1Dt4hwNGDjx5jbaLMgrqYTCrXL8G2GN3vB8=;
 b=EVbCi6JNZtr4wMw8uO2dvgXmzKk0Gpc98SuPnZHsGPsNCrRXYqe4aV4lUpGaieK3ciTSUodRjsRp4ZcSVYm9Yuby0WmpKG+9PJYIwSyIpbFR+ibNYlXqghLNfWsZos+vCw6yz+MApmGgAHffR34cGR4iMt0mFVtX8g5uBE5JOol6YIPTwraOwUuOU0ejM2Z2fQ9m5b2dmU2TsKjpZIFfK/nDJ2P1peWNDuo9t6t9iAYjVbPfHfLqAFc7hrfZ2iD14Qm0YfSxMYM5tU3775p7xwTWdw9zuVI6BbmTyCpOxsFqankTagA+P+MVrIA0I+L7UcRrizp/84YzeJevpdUrig==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none
 action=none
 header.from=519f57be-f4ea-4422-b984-75860a220e71.us1.azurecomm.net; dkim=none
 (message not signed); arc=none
Received: from PH8PR20CA0005.namprd20.prod.outlook.com (2603:10b6:510:23c::13)
 by PH7P221MB1255.NAMP221.PROD.OUTLOOK.COM (2603:10b6:510:304::21) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7135.24; Tue, 2 Jan
 2024 12:27:25 +0000
Received: from SN1PEPF0002BA51.namprd03.prod.outlook.com
 (2603:10b6:510:23c:cafe::33) by PH8PR20CA0005.outlook.office365.com
 (2603:10b6:510:23c::13) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7159.13 via Frontend
 Transport; Tue, 2 Jan 2024 12:27:25 +0000
X-MS-Exchange-Authentication-Results: spf=none (sender IP is 13.64.107.177)
 smtp.mailfrom=519f57be-f4ea-4422-b984-75860a220e71.us1.azurecomm.net;
 dkim=none (message not signed) header.d=none;dmarc=none action=none
 header.from=519f57be-f4ea-4422-b984-75860a220e71.us1.azurecomm.net;
Received: from idsworker-554f5bf778-x5hl4 (13.64.107.177) by
 SN1PEPF0002BA51.mail.protection.outlook.com (10.167.242.74) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.7159.9 via Frontend Transport; Tue, 2 Jan 2024 12:27:25 +0000
DKIM-Signature: v=1; a=rsa-sha256; d=azurecomm.net;
	s=selector1-azurecomm-prod-net; c=relaxed/relaxed; t=1704198445;
	h=from:to:cc:subject:date:message-id;
	bh=pffiV0hB1Dt4hwNGDjx5jbaLMgrqYTCrXL8G2GN3vB8=;
	b=+CDuk8nGOKqPBNIBo96PbB9YGphvi681O3D8mRJD9PODRkJUUPhGhRu+bv9OrJupgahFZayZ8a2
	FtKXkC3RyHEBR0MqJ69bomlndCpaSy6pkU7vtn3gzast5zzMaKTy+xNctdQQKtnav2yjDnD6qb8H3
	vM6+NIDjoq3nWuqwXGDp2WetgD9EWflcJ0MoJU1PIqTLlxaJZQcrlB97UuJUtZBojibGNGg7CRy3u
	5Sp56VL7WkpvE7M2gzkBD9gzxodSgYtilddByzYcbmJvD5uJ47kjPFaF4/U0Mh5nfPpppyrEmDdDy
	29sIdTY02AJqUigc7hABOgvZ8nqFgbrPa8cg==
Message-ID: <202401021227.de3450956bcc471398ba83de6f0b7d13-NVZWS5D4IFBVGRKNIFEUYLKQKJHUILSFGJDDAQJSHEZDSNBRHE2EGMSFHA3DERRQIJATENBZIFDECRRZHB6FG3LUOA======@microsoft.com>
Sender: SIgnNow
	<signnow@519f57be-f4ea-4422-b984-75860a220e71.us1.azurecomm.net>
From: SIgnNow <signnow@519f57be-f4ea-4422-b984-75860a220e71.us1.azurecomm.net>
Reply-To: SIgnNow
	<signnow@519f57be-f4ea-4422-b984-75860a220e71.us1.azurecomm.net>
To: target <targeted user>
Subject: *SIGNATURE REQUESTED* Reminder: Waiting for you to sign
 Bethelwoodscenter - DRAWDOWN NOTICE execution copy
Date: Tue, 2 Jan 2024 12:27:25 +0000
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: base64
X-MS-TrafficTypeDiagnostic: SN1PEPF0002BA51:EE_FirstParty-ACSPROD-V3|PH7P221MB1255:EE_FirstParty-ACSPROD-V3
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 606ec06c-238f-4a70-cd96-08dc0b8e2d49
X-MS-Exchange-SenderADCheck: 0
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: kmVg3rmLRTSwqdXFzaxZn2iNOT96P/GOugNx44weGOGitHVfbIHn2ZX0pDYlZ25yjzoo3PO/pFeuMXYpxUNCN1sUsu0HIjphLeKlhVb8hQGC06hBbma3WfMHAjznHJoEoiubanuGOi/6gUnzDmAIq3mflx8In78IdoRlQCmeXe/wuyGMBlki9IZGAD8++Jo+kBMlYRGLGuzmd+1rv8T56oA5OERdis+2B5EPN5gl7v4q4Nhdnli3AKixI6WPEctcYWxLZI6T3fv1rrZ3qi0kk8huwitrVF6dvz69Pzh+lEUEQyg3TuwBQUIXq0uSGd/YsFuR4ExpofdWV15XuLfpU8KcKGgBWkkHZB9niTkz0Hbku2f9lDwOKJVssQs4P3mTI3XUVNtEVfnJ/jsCi3G+lCFuYoeiEQX1kiESWd9ACKC+hRUfyIVQ3nZBydsOlyPKAYglhzEc0CdrepHIQGh+hDVgLaGBqgDV/R/W10NJZDulfZpj4vYzNAen50akeINoVOAYcjzTY1TwSm7jpAagzXb/Q2RymiHFl2wmOuI1Nf4Y/cEQWp1dXRMwc6ttaj1TDLhYEiZUuabjAK9pKefUY0W8chffKV/hIvEFdbJ/WjJfrLXsk8ETT9FIcCxBO5xpn6Jf4VZfD7v4qV1CBhAeEZXfrj39Jt/P8sGxtFsJ54ZJN9EWuTFdtqz0kbRNIH+MS9Ii7GVvGl1Uxe4UCBLv5A==
X-Forefront-Antispam-Report: CIP:13.64.107.177;CTRY:US;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:idsworker-554f5bf778-x5hl4;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(396003)(136003)(376002)(346002)(42606007)(39860400002)(230473577357003)(230373577357003)(230922051799003)(451199024)(64100799003)(61400799012)(76236004)(83380400001)(2906002)(316002)(36736006)(9316004)(68406010)(8936002)(8676002)(6916009)(81166007)(6496006)(356005)(36756003)(956004)(86362001)(498600001)(41300700001)(7846003)(15650500001)(5660300002)(9686003)(3450700001)(336012)(4042699003)(166002)(6486002)(26005)(1076003)(32163005);DIR:OUT;SFP:1021;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: JZGA2bmCsAhhlJzzUM6GYWKM+H9ZzqZgZxJ1eFJBGuBLJ7Hz87sasNuOy7GdNEVKm5RGHIb5ZVdseKdMI8q7ZA0uhfv8B1nCG8Th2v+SyyaCIxz3P0kOZpEnO+BuW+b7YXokao6+W1L/MkY05qwUQgn0KKQg5syKHsJJVwQH93CIuxU7okLvffIFG4yOGmpNik4TQdwhfLbx2Hp7S3Fy5RCLUHt91gh+2q40KTYBJzSOX/+Qv/0JNqoB0JVHJbtZ6ByfcP3pbJiNnhgTFwUH9bE8vKF8p/V6b7LqX1wh77+shvO+IDgpR4mm1O8a0FtLaS7G9l8OgJG3wrk4YKrkXZTdw3TR/M3uxjCXQS1Aw4IdQ811BP7x2mGYoeHCCyZu3Sn32efk0SXkjvG3d3lHug==
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Jan 2024 12:27:25.1434
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 606ec06c-238f-4a70-cd96-08dc0b8e2d49
X-MS-Exchange-CrossTenant-Id: d36d7cc4-24da-420d-b079-f539546c1956
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=d36d7cc4-24da-420d-b079-f539546c1956;Ip=[13.64.107.177];Helo=[idsworker-554f5bf778-x5hl4]
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: TreatMessagesAsInternal-SN1PEPF0002BA51.namprd03.prod.outlook.com
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7P221MB1255
X-MDID: 1704198448-UpQmXYZ40IGf
X-MDID-I: us2;at1;1704198448;UpQmXYZ40IGf;<signnow@519f57be-f4ea-4422-b984-75860a220e71.us1.azurecomm.net>;d2c20b428a9cd97f988effd995d79377
Return-Path: signnow@519f57be-f4ea-4422-b984-75860a220e71.us1.azurecomm.net
Microsoft 365
Microsoft 365
Formerly Office 365, is a line of subscription services offered by Microsoft which adds to and includes the Microsoft Office product line.
3,835 questions
Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
7,160 questions
Azure
Azure
A cloud computing platform and infrastructure for building, deploying and managing applications and services through a worldwide network of Microsoft-managed datacenters.
975 questions
Azure Managed Applications
Azure Managed Applications
An Azure service that enables managed service providers, independent software vendors, and enterprise IT teams to deliver turnkey solutions through the Azure Marketplace or service catalog.
113 questions
Windows 365 Business
Accepted answer
  1. kobulloc-MSFT 23,496 Reputation points Microsoft Employee
    2024-01-02T20:28:15.21+00:00

    Hello, @Paul Hein !

    Where should I report malicious activity or a possible security vulnerability to Microsoft?

    You can report malicious activity to the Microsoft Security Response Center using the MSRC reporting portal below:

    https://msrc.microsoft.com/report/

    User's image

    For additional information, you can view the MSRC FAQ:

    https://www.microsoft.com/en-us/msrc/faqs-report-an-issue#

    Thank you again for your report!

    I hope this has been helpful! Your feedback is important so please take a moment to accept answers.

    If you still have questions, please let us know what is needed in the comments so the question can be answered. Thank you for helping to improve Microsoft Q&A!

    User's image

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest