Microsoft 'tech support' scammers infest Azure hosting

Microsoft's Azure cloud is housing hundreds of "tech support" scam web sites that try to deceive users that their computers are infected with malware, and ask for money to resolve the problem.

Security researcher Michael Gillespie who runs the ID Ransomware website posted under the Malwarehuntr Twitter account several lists of domain names used by the scammers that are hosted on Azure.

The scammer sites use the azurewebsites.net domain name. Microsoft's Azure cloud currently offers free accounts for 12 months, with a A$280 credit for any services for 30 days.

As part of the package, scammers get a transport layer security digital certificate to authenticate the sites, for free.

Microsoft's Azure social media team responded to Gillespie, asking him to report the sites at a specific link.

We recommend that you report this scenario with our team. You can report this through https://t.co/QwJfXy3jbc ^FC

— Azure Support (@AzureSupport) May 11, 2019

In iTnews testing, many of the sites listed by Gillespie were marked as being dangerous by Google Chrome which blocked access to them with a warning interstitial.

Cancelling the warning and proceeding to load the sites showed they were no longer available, and Gillespie told iTnews that someone had sent multiple people at Microsoft emails about Azure hosting scammer sites and that it wouldn't surprise him if they were down.

However, Gillespie was able to find many other scam sites that were still up, including a batch of 82 discovered on May 15.

The problem of scammers and phishers being hosted on Azure is not new.

Web metrics site Netcraft posted about phishers taking advantage of free Azure webhosting in April 2014, targeting big brands such as Apple, Paypal, American Express, Comcast and others.

Last year, Google decided it would no longer accept ads placed by third-party tech support providers, as the online giant is unable to tell which are for real and which direct users to fraudsters.