Scammers exploit Azure blob stores, Optus accounts


Scammers are using compromised Optus accounts and Microsoft Azure blob storage to dupe unsuspecting users into clicking malicious links.

Advisories from email and web filtering software vendor Mailguard this week highlighted two scams being conducted under the name of the telco and software giant, respectively. 

One scam, reported yesterday, has been impersonating Microsoft and OneDrive to convince recipients to click a link in order to access a remittance advice file that had supposedly been shared with them.

The link in the email leads to a fake website; some of these sites are hosted on Microsoft's Azure blob store in order to fool a user with a real "windows.net" URL. The full link would look like:

“https://proofpoint XX.blob.core.windows.net/advice/view.html”

The fake website pretends to be a portal for Microsoft Office 365, complete with a pop-up prompting users to enter their login details.
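
A mail-filter heuristic for the hosting trick described above, as an added example that is not from the article or from Mailguard: it flags links to HTML pages served from Azure blob containers that are not on an allow-list. The allow-list entry, the storage account names and the sample message are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Azure Blob Storage endpoints have the form <account>.blob.core.windows.net
BLOB_SUFFIX = ".blob.core.windows.net"
# File types a fake login page would be served as.
PAGE_EXTENSIONS = (".html", ".htm")
# Hypothetical allow-list: storage accounts the organisation itself owns.
TRUSTED_ACCOUNTS = {"contosofiles"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample message (not a real phishing email).
SAMPLE_BODY = (
    "A remittance advice has been shared with you.\n"
    "View: https://examplestore01.blob.core.windows.net/advice/view.html\n"
    "Policy: https://contosofiles.blob.core.windows.net/docs/policy.html\n"
    "Logo: https://examplestore01.blob.core.windows.net/img/logo.png\n"
    "Help: https://blob.core.windows.net.example.org/advice/view.html\n"
)


def find_blob_hosted_pages(body, trusted=TRUSTED_ACCOUNTS):
    """Return (url, account, container) for every link in an email body that
    points at an HTML page in an Azure blob container not on the allow-list."""
    hits = []
    for raw in URL_RE.findall(body):
        url = raw.rstrip(".,;:)]")            # drop trailing sentence punctuation
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        # Match on the real host suffix so look-alike domains that merely
        # contain the string "blob.core.windows.net" are not counted.
        if not host.endswith(BLOB_SUFFIX):
            continue
        account = host[: -len(BLOB_SUFFIX)]
        if not account or account in trusted:
            continue
        # The path is /<container>/<blob>; the query (e.g. a SAS token) is ignored.
        segments = [s for s in parts.path.split("/") if s]
        if len(segments) < 2:
            continue
        if segments[-1].lower().endswith(PAGE_EXTENSIONS):
            hits.append((url, account, segments[0]))
    return hits


if __name__ == "__main__":
    for url, account, container in find_blob_hosted_pages(SAMPLE_BODY):
        print(f"review: {url} (account={account}, container={container})")
```

A hit is a reason to quarantine or inspect the message, not proof of phishing, since legitimate senders also share HTML from blob storage.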

"[The scam] is a good reminder of how innocent-looking, plain emails can, in fact, be malicious, despite where they purport to be from," Mailguard said.

"As simple as they may seem, these attacks are happening all too regularly, and with devastating effect."

In a separate case reported yesterday, a set of emails, arriving in multiple variations from remittance advice to car insurance document scams, claimed to originate from Optus. The emails were all the more compelling because they were coming from the "optusnet.com.au" domain.

"MailGuard understands they originate from a large number of compromised email addresses using the same domain," the scam advisory read.

"The format of these emails is similar, with most appearing in plain-text form," the Mailguard advisory read. "They advise the recipient of a document that is available for them, with a link to access the said document. In most cases, the links lead unsuspecting recipients to a malicious file download."

The email doesn't include an attachment but has a link to a Google Docs-hosted Word document containing macros.

The scam report came in a week where a number of Optus customers had taken to social media to report issues with their Optus accounts, wherein they would log into their Optus accounts to be greeted by another name, suggesting account tampering.

 

 

Copyright © CRN Australia. All rights reserved.