Share via

I received an email communication from Microsoft Azure and would like to review its contents with a Microsoft support team member. How do I do that?

Russell Gazzara 10 Reputation points
2026-03-10T17:19:46.9866667+00:00

Received email from Microsoft Azure containing the following (partial transcription below):

azure-noreply@microsoft.com

Azure: Deactivated Severity: 2 Order Confirmed INV-735993d32d

Your Azure Monitor alert was resolved

Azure monitor alert rule Order Confirmed INV-735993d32d was resolved for inv735993d32d at March 10, 2026 13:16 UTC.
Alert rule description MICROSOFT CORPORATION BILLING AND ACCOUNT SECURITY NOTICE (REF: MS-FRA-6673829-KP). Our system has detected a potentially unauthorized charge on your account. Transaction Details: Merchant: Windows Defender. Transaction ID: PP497-887B-22NM. Amount: 349.90 USD. Date: 03/10/2026. If you did NOT authorize this payment, contact our 24/7 Microsoft Account Security Support at +1 (812) 263-5725 or +1 (812) 263-8724 . We apologize for any inconvenience and appreciate your prompt response. Microsoft Account Security Team .
Azure Monitor
Azure Monitor

An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. TP 155.3K Reputation points Volunteer Moderator
    2026-03-10T18:04:47.0233333+00:00

    Hi @Russell Gazzara

    DO NOT call either of those phone numbers. Please delete the messages.

    The content of the alert email is malicious. They are trying to get you to call them so they can scam you.

    Similar emails have been going out for several days now. The text of the message is written to sound "official", urgent and thus convince you to call the numbers.

    NOTE: The email is coming from real Azure email address, however, the content of the email was created by scammers.

    If you have any questions/concerns please add a comment below.

    Please click Accept Answer and upvote if the above was helpful.

    Thanks.

    -TP

    2 people found this answer helpful.
    0 comments
  2. Suchitra Suregaunkar 11,805 Reputation points Microsoft External Staff Moderator
    2026-03-11T01:31:10.79+00:00

    Hello Russell Gazzara

    Could you please let us know if the resolution shared by "TP" helpfull?

    It looks like a scam https://malwaretips.com/blogs/microsoft-azure-alert-was-triggered-scam-exposed-investigation/ So please don't call any phone number in the email and don't click on any links. They want you to call them so they can scam you.

    Thanks,

    Suchitra.

    0 comments
  3. Chris Van Zandt 0 Reputation points
    2026-03-10T20:18:20.4933333+00:00

    AI response: Scammers can use the legitimate azure-noreply@microsoft.com address by exploiting Microsoft’s own automated notification systems, such as Power BI sharing or Azure Monitor alerts, rather than spoofing the email address itself. They create free accounts, set up alerts, and insert malicious content into fields that are then emailed to victims via official Microsoft servers.

    Microsoft Learn +2

    How the Scam Works

    • Abusing Legitimate Features: Attackers create a Microsoft Power BI account, create a dashboard, and share it with the victim's email address. They use the "optional message" field to add their own phishing text (e.g., "$499.99 charge" or "account suspension").
    • Triggering Automated Emails: Attackers create an Azure subscription and set up alerts that use the official azure-noreply@microsoft.com address to send notifications to targets, making the alert look 100% genuine.
    • Hosting Fake Pages: Attackers may host malicious phishing pages on *.blob.core.windows.net, which allows them to use legitimate Microsoft SSL certificates to steal login credentials. Microsoft Learn +3
    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.