Avoiding Azure Application Scams

MS Azure logo with triangle

The use of Azure applications in phishing campaigns is on the increase. Phishing campaigns easily avoid detection because Azure applications don’t require Microsoft approval or code execution on the user’s device. Attackers send an unsolicited email with a bogus application configured to look trustworthy, hoping to trick the user into clicking on a malicious link that gives access to confidential data. Learning how to spot a bogus application and protect your data is critical.

What are Azure Applications?

Microsoft Azure is Microsoft’s public cloud platform. Using Windows and available technologies, it develops applications in a range of programming languages. The cloud supports collaboration from distributed locations, including workers’ homes, and these apps integrate data abundantly from the platform.

Phishing scammers try to get at the data through a type of scam called consent phishing. Via malicious apps — often emailed to an intended victim — hackers seek to trick users into granting access to sensitive data. Here are ways to protect Azure apps against these attacks.

Check all unsolicited emails carefully

It’s important to check all unsolicited emails thoroughly, no matter how urgent or legitimate they sound,. Look for poor grammar and spelling errors, which can indicate a suspicious application. Check the application name for slight deviations from a known name.

Use publisher-verified applications

Check to make sure the application in the email has been verified by the publisher. Only consent to applications that you recognize and trust.

Avoid clicking on any links to install the app until you have thoroughly investigated it and know it to be legitimate. It only takes one click to install a malicious link that takes control of a 365 account, giving the application permission to access all your data.

How to remove a malicious application

If you have accidentally granted permission to a malicious Azure application, do the following:

  • From the Azure portal, access Enterprise Applications in your Azure Active Directory tab.
  • Delete the application.

How to report a phishing scam

If you receive a phishing email:

  • Forward the email to the Anti-Phishing Working Group at reportphishing@apwg.org.
  • Report the phishing attack to the FTC at ftc.gov/complaint.

With the popularity of cloud-based applications and the expansion of a work-from-home environment, it’s vital to be alert for Azure app fishing scams and prepared to guard against them.