Azurewebsites.net ~ malicious email ???

Hi all

I was not sure where to post this question?

I had an email from an old employer (made redundant in 2016), not too surprising perhaps but it had the 'look' of a phishing email i.e. one that is spoofing their email address etc

It was titled "Documents available for reviewing" and has a clickable link graphic whose address was an HTTPS one <descriptive but not clear title of doc>.azurewebsites.net

Firstly, I have emailed the sender separately from this email (i.e. not by doing a "reply") asking if they indeed sent it or is it that they have unwittingly been 'zombied'. Not heard back yet???

Plus Googled it and it seems like an innocuous email though there are at least a few older reports (last was 2015 I think) that spoke of Malware or Virus associations with Azurewebsites.net :(

So, just being cautious but has anyone experienced malicious emails with that title and content?

TIA :)
 
A business who made you redundant 2 years ago isn't going to be sending you an email with that title.
Delete it and move on.
 
I have previously received emails with the same "documents available for review" message - I binned them immediately on the basis that I was not expecting anything. I think you are right to be suspicious.

I had a strange one today, it appears to be an email from Feefo, asking me to review a holiday home rental from 2.5 years ago. Apart from the extended time period it seems genuine, but I will not be clicking on the link.

Chris
 
Thanks both for the insights.

The business is a smaller family business i.e. not one with in depth IT and tech support in house..................(though not in my job description ~ I was their in-house guy for years who liaised with their outsourced IT guys ;) :LOL: )

As a courtesy, if I hear nothing from the sender I will let the MD know about it in case they have an issue!
 
What IP address do the headers point to the email having come from?
Could be a phone or computer has had its address book stolen, and the From: addy is spoofed.
 
I have reverse WHOIS looked up all the IP addresses showing in the email content and bearing in mind that Azurewebsites I have learned is an MS company. And Outlook.com is featured in the email content.
MS Ireland
MS Redmond
MS Hong Kong
And one is Independent, IANA one???

The sender's email address is correct!
 
Ah. I meant the sender's listed addy may well be correct, it just wasn't sent by them.
 
Update

I have learned via a colleague from that job that I am still in social contact with that that person's email "had been hacked for the second time in 2 weeks...."

Sorted!
 

Especially if you bear in mind this is a business email address and they do international business including with the Far East.

It may be flagged as Spam but as it contains a clickable link and nothing malicious embedded malware/virus scanning does not show up anything.

Sadly, there are all too many recipients of such emails that will click on links without thinking..................I recall on more than a handful of occasions I had to remind my colleagues there about "taking care...............and to look for the warning signs..........and even (as in this case) it appears legitimate >>>> don't click the link but let the sender know that you are getting such an email...." The flipside of course is that the sender likely does not know, unless told by someone, they are sending them :( so need to take proactive action to remedy the problem.
 
azurewebsites.net is the default domain you get if you create a website on Microsoft's cloud platform - presumably the malware pushers have just signed up for an Azure account as customers. You might want to report the suspected abuse to Microsoft so the site can be taken down: https://cert.microsoft.com/
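
The header check asked about earlier in the thread (spoofed From: versus a genuinely compromised mailbox), as an added example that is not part of any post here. The message, addresses, IPs and link are constructed placeholders, and it assumes a single-part plain-text email whose Authentication-Results header was added by your own mail provider.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: domains, RFC 5737 IPs and the link are placeholders.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
\tby inbox.recipient.example; Mon, 1 Jan 2018 10:00:02 +0000
Received: from mail.old-employer.example (mail.old-employer.example [203.0.113.25])
\tby mx.recipient.example; Mon, 1 Jan 2018 10:00:01 +0000
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=old-employer.example;
\tdkim=pass header.d=old-employer.example; dmarc=pass header.from=old-employer.example
From: Former Colleague <someone@old-employer.example>
To: me@recipient.example
Subject: Documents available for reviewing

Review here: https://placeholder-doc-title.azurewebsites.net/view
"""

# Suffixes where any customer can create a subdomain (per the last post above).
SHARED_HOSTING = (".azurewebsites.net",)

def triage(raw):
    """Summarise the header evidence for one raw, single-part email."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Each relay prepends its Received line, so the last one is the earliest hop.
    # Only lines added by your own provider are trustworthy; older ones can be forged.
    hops = [m.group(1) for h in msg.get_all("Received", [])
            for m in [re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", h)] if m]
    # SPF/DKIM/DMARC verdicts as recorded by the receiving server.
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)",
                           msg.get("Authentication-Results", "")))
    hosts = sorted({h.lower() for h in re.findall(r"https?://([^/\s<>]+)",
                                                  msg.get_payload())})
    if auth.get("dmarc") == "pass":
        verdict = "authenticated: sent via the From domain, suspect a compromised account"
    elif auth:
        verdict = "authentication failed: the From address is likely spoofed"
    else:
        verdict = "no Authentication-Results header: headers alone cannot tell"
    return {"from_domain": from_domain,
            "origin_ip": hops[-1] if hops else None,
            "auth": auth,
            "shared_hosting_links": [h for h in hosts if h.endswith(SHARED_HOSTING)],
            "verdict": verdict}

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

A DMARC pass on a message like this matches the outcome reported in the thread's update: the address was genuine because the mailbox itself had been taken over.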
 