{"id":83905,"date":"2026-02-10T17:59:55","date_gmt":"2026-02-10T20:59:55","guid":{"rendered":"https:\/\/tech.einnews.com\/article\/891140138"},"modified":"2026-02-10T17:59:55","modified_gmt":"2026-02-10T20:59:55","slug":"threat-actors-weaponize-bing-ads-for-azure-tech-support-scams","status":"publish","type":"post","link":"https:\/\/new7.shop\/zerocostfreehost\/index.php\/2026\/02\/10\/threat-actors-weaponize-bing-ads-for-azure-tech-support-scams\/","title":{"rendered":"Threat Actors Weaponize Bing Ads for Azure Tech Support Scams"},"content":{"rendered":"

A sophisticated tech support scam campaign has emerged, exploiting malicious advertisements on Bing search results to redirect victims to fraudulent websites hosted on Microsoft\u2019s Azure Blob Storage platform. <\/p>\n

The attack, first detected on February 2, 2026, affected users across 48 organizations in the United States within hours, demonstrating the effectiveness of weaponizing legitimate advertising channels for cybercrime.\u200b<\/p>\n

The scam begins when users search for common terms like \u201camazon\u201d on Bing and click on what appear to be legitimate sponsored results. <\/p>\n

These malicious advertisements redirect victims to a newly registered domain, highswit[.]space, which hosts an empty WordPress site server<\/a> as an intermediary. <\/p>\n

From there, users are redirected to Azure Blob Storage containers displaying fake technical support warning pages.\u200b<\/p>\n

\n
\"Typical
 Typical tech support scam site (Source :Netskope).<\/figcaption><\/figure>\n<\/div>\n

This attack technique, known as malvertising, has become increasingly sophisticated as threat actors exploit search engine advertising platforms to position their malicious content at the top of search results. <\/p>\n

By purchasing ad space, criminals bypass the need for search engine optimization and automatically achieve premium visibility.<\/p>\n

Infrastructure and Scale<\/strong><\/h2>\n

All malicious URLs followed a consistent pattern: xxxxxxxxxxxxxxxxxx.blob.core.windows.net\/yyyyyyyyy\/werrx01USAHTML\/index.html, indicating a standardized deployment method. <\/p>\n

Researchers identified over 70 unique Azure Blob Storage container<\/a> domains associated with this campaign. <\/p>\n

The scam pages instructed victims to call phone numbers, including 1-866-520-2041 and 1-833-445-4045, where fraudsters would claim the victim\u2019s computer was infected and demand payment for unnecessary services.\u200b<\/p>\n

Azure Blob Storage has become an attractive platform for threat actors due to its legitimate infrastructure and the difficulty in distinguishing malicious content from legitimate uses. <\/p>\n

Microsoft Threat Intelligence has warned about increased malicious activity targeting Azure services, with criminals exploiting misconfigurations and over-permissive access controls.<\/p>\n

Industry Impact and Response<\/strong><\/h2>\n

The campaign affected multiple sectors including healthcare, manufacturing, and technology. Netskope Threat Labs detected the campaign<\/a> through their monitoring systems, which flagged the pages as \u201cET PHISHING Microsoft Support Phish Landing Page\u201d. <\/p>\n

All reported Azure Blob Storage domains were disabled by Microsoft following disclosure.\u200b<\/p>\n

Tech support scams remain a persistent threat, with search engines continuously battling fraudulent advertisers. <\/p>\n

Microsoft previously banned third-party tech support ads from Bing<\/a> in 2018 after blocking over 15 million malicious ads. <\/p>\n

However, this incident demonstrates that threat actors continue finding ways to circumvent protective measures by disguising their ads and exploiting legitimate cloud infrastructure.<\/p>\n

Security experts recommend typing website addresses directly into browsers rather than relying on search results to avoid malicious advertisements entirely.<\/p>\n

Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> to Get Instant Updates and Set GBH as a Preferred Source in Google<\/a>.<\/strong><\/p>\n

<\/a><\/strong> <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

A sophisticated tech<\/span> support scam campaign has … including healthcare, manufacturing, and technology<\/span>. Netskope Threat Labs detected the … by Microsoft following disclosure.\u00e2\u0080\u008b Tech<\/span> support scams remain a … previously banned third-party tech<\/span> support ads from Bing …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[],"class_list":["post-83905","post","type-post","status-publish","format-standard","hentry","category-news","wpcat-1-id"],"_links":{"self":[{"href":"https:\/\/new7.shop\/zerocostfreehost\/index.php\/wp-json\/wp\/v2\/posts\/83905","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/new7.shop\/zerocostfreehost\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/new7.shop\/zerocostfreehost\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/new7.shop\/zerocostfreehost\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/new7.shop\/zerocostfreehost\/index.php\/wp-json\/wp\/v2\/comments?post=83905"}],"version-history":[{"count":0,"href":"https:\/\/new7.shop\/zerocostfreehost\/index.php\/wp-json\/wp\/v2\/posts\/83905\/revisions"}],"wp:attachment":[{"href":"https:\/\/new7.shop\/zerocostfreehost\/index.php\/wp-json\/wp\/v2\/media?parent=83905"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/new7.shop\/zerocostfreehost\/index.php\/wp-json\/wp\/v2\/categories?post=83905"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/new7.shop\/zerocostfreehost\/index.php\/wp-json\/wp\/v2\/tags?post=83905"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}