Skip to main content

New phishing scam uses IBM Cloud, Microsoft Azure to feign legitimacy

(Image credit: Image Credit: wk1003mike / Shutterstock)

There is a new phishing campaign going around, which leverages high-profile cloud services from Microsoft and IBM to feign legitimacy.

As recently reported by Bleeping Computer, the phishing campaign targets corporate employees, who receive an email warning that their inbox is full. Unless the issue is resolved, claims the fraudulent message, important emails could be lost.

The email contains two buttons: "RELEASE MESSAGES" and "CLEAN-UP CLOUD". Both  redirect the user to a legitimate Microsoft Dynamics 365 URL, but then to a phony landing page where victims are tricked into providing their login credentials.

The phishing landing page even has a “security” measure of its own. If the password entered does not match IBM Cloud’s password criteria (for example, it’s too short or doesn’t have both letters and symbols), it will return a “wrong password” error.

Once the victim types in a password that fits the criteria, they will be redirected to another fake page that appears to confirm the settings update, hosted on Microsoft Azure domain

By using reputable services from big name brands, the cybercriminals responsible lend the scam an air of legitimacy, meaning victims are far more likely to give up their data.

The fact that domains hosted on both Azure and IBM Cloud receive SSL certificates by default only adds to the effect.

Find IT courses online for free

We work with industry-leading providers to match your requirements with their courses. Just tell us what you need to develop your career, and our most suitable partners will contact you to see if you want to take things forward.

How it works
1. Enter your details below

Simply tell us a bit about you, what your career goals are, and leave some contact details.

How it works
2. We search our database

We'll match your requirements with the services our partners offer.

How it works
3. Partners will contact you

Only the companies who match your requirements will reach out.

Find A Course To Excel Your Career In Tech Or ITWe will match you with a course supplier that fits your needs
Sead Fadilpašić

Sead is a freelance journalist with more than 15 years of experience in writing various types of content, from blogs, whitepapers, and reviews to ebooks, and many more, across sites including Al Jazeera Balkans, TechRadar Pro, IT Pro Portal, and CryptoNews.