Share via

I keep getting well-crafted fishing emails from Azure alerts

mikeblas 1 Reputation point
2026-03-17T23:33:03.4433333+00:00

Is anyone else getting spurious alerts from Azure? They don't match any alarm I'd expect to get, so they seem to be fishing. But all the headers in the message make it seem very legit -- sent from Azure, all microsoft domains, and all the links I can find go to azure correctly. But the alarm being reported isn't something I have configured, and doesn't really make sense in the first place.

Here's the most recent one,

Alert rule description

MICROSOFT CORPORATION BILLING AND ACCOUNT SECURITY NOTICE. Our system has detected a potentially unauthorized charge on your account. Transaction Details: Item name: Windows Defender. Transaction ID: PPxxxx-xxxx-xxx. Amount: 459.90 USD. Date: 03/16/2026. If you did NOT authorize this payment, contact our 24/7 Microsoft Account Security Support at +1 (XXX) XXX-XXXX. We apologize for any inconvenience and appreciate your prompt response. Microsoft Account Security Team.

Why is it possible to associate an email address with an alarm when that email address hasn't been verified? This seems like a pretty egregious security issue.

Outlook | Web | Outlook.com | Account management, security, and privacy
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Bharath Y P 7,565 Reputation points Microsoft External Staff Moderator
    2026-03-18T13:14:12.1666667+00:00

    Hello mikeblas, Thank you for posting your query on Microsoft Q&A platform.

    What you’re describing closely aligns with a known scam pattern involving Azure alert emails.

    In these cases, attackers first gain access to an Azure subscription and then deliberately configure alert rules to send notifications to external email addresses (such as yours). They subsequently trigger those alerts. While the emails are technically generated by Azure, the alert message content itself is authored by the attackers.

    These emails typically include alarming language such as:

    • references to a “Fraud Prevention System” or “Windows Defender,”
    • warnings about large, suspicious charges,
    • threats of account suspension, and
    • a so‑called “Fraud Resolution” or “Support Hotline” phone number.

    The objective is to pressure recipients into calling that number, where the scam continues.

    Important guidance:

    • Do not call any phone number mentioned in the email.
    • Do not click any links included in the message.
    • Simply delete the email.

    It’s worth noting that these messages can appear convincing because they are sent from legitimate Microsoft email infrastructure. However, Microsoft does not include phone numbers or urgent call‑to‑action language like this in genuine Azure alert notifications.

    Reference: https://malwaretips.com/blogs/microsoft-azure-alert-was-triggered-scam-exposed-investigation/

    If the provided information helped, kindly consider marking the answer as "Accepted" and "Upvote" it. This helps other community members who may encounter a similar issue in the future.

    If you have any queries, please feel free to reach out us.

    Thanks,

     

    0 comments
  2. Bharath Y P 7,565 Reputation points Microsoft External Staff Moderator
    2026-03-17T23:56:22.8866667+00:00

    Hello mikeblas, Please refer the similar case which other community member facing that same issue.

    https://learn.microsoft.com/en-us/answers/questions/5826531/fake-(or-hacked)-azure-alert

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.