A cybersecurity firm has identified a jump in phishing content delivered via Azure Front Door (AFD), Microsoft's cloud CDN service.

How does the attack take place?

Resecurity researchers found multiple phishing pages hosted on the azurefd[.]net domain, allowing cybercriminals to steal user login information for business applications and email accounts. 
  • Some of these domains are difficult to distinguish from legitimate ones because of their naming and their reference to Azure Front Door.
  • The majority of the phishing tools were made to target clients of SendGrid, Docusign, and Amazon.

According to experts, criminals are constantly trying to evade detection by using well-known cloud services to make their phishing attacks appear legitimate.
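An added example, not code from the article or the researchers: it pulls links to azurefd.net endpoints out of message text (including defanged forms) and flags those that arrive alongside one of the brands named above. The hostnames, the `OWN_ENDPOINTS` allowlist and the sample message are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

AFD_SUFFIX = ".azurefd.net"                      # AFD endpoint domain named in the article
BRANDS = ("sendgrid", "docusign", "amazon")      # brands the article says were impersonated
OWN_ENDPOINTS = {"contoso-portal.azurefd.net"}   # assumption: your organisation's own AFD hosts

URL_RE = re.compile(r"https?://[^\s\"'<>\[\]()]+", re.IGNORECASE)

def refang(text):
    """Undo common defanging (hxxp, [.]) so URLs parse normally."""
    text = re.sub(r"hxxp", "http", text, flags=re.IGNORECASE)
    return text.replace("[.]", ".")

def afd_hosts(text):
    """Return the set of AFD hostnames linked from the text."""
    hosts = set()
    for url in URL_RE.findall(refang(text)):
        # Drop trailing sentence punctuation before parsing the URL.
        host = (urlsplit(url.rstrip(".,;:")).hostname or "").rstrip(".")
        if host.endswith(AFD_SUFFIX):
            hosts.add(host)
    return hosts

def triage(message):
    """Map each AFD host in a message to 'own', 'brand-lure' or 'review'."""
    body = message.lower()
    verdicts = {}
    for host in afd_hosts(message):
        label = host[: -len(AFD_SUFFIX)]
        if host in OWN_ENDPOINTS:
            verdicts[host] = "own"
        elif any(b in label or b in body for b in BRANDS):
            # A brand's notice linking to an unrelated AFD endpoint is the pattern described.
            verdicts[host] = "brand-lure"
        else:
            verdicts[host] = "review"
    return verdicts

# Constructed sample message (hostname is made up for illustration).
SAMPLE = ("Your SendGrid invoice is overdue. Update billing at "
          "hxxps://billing-portal-demo.azurefd[.]net/login today.")

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Azure Front Door also fronts legitimate sites, so the verdicts are meant for analyst triage and reporting rather than automatic blocking.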

Phishing attackers spread their wings 

Researchers analyzed one of the phishing campaigns wherein a fake billing notification was sent on behalf of SendGrid, a Colorado-based customer communication platform for transactional and marketing email.
  • Security officers revealed that the attackers are likely using an automated method to generate their phishing emails.
  • By doing so, they are able to scale their campaigns to ultimately target a broader number of customers globally, which has previously been observed in spam strains delivered with Emotet and Qakbot.
  • Such campaigns may also lead to Business Email Compromise (BEC) and Employee Account Compromise (EAC).

Conclusion

Cybercriminals are expected to continue using these phishing techniques in the days to come because of their apparent authenticity and their ability to trick end users. The best precaution is to train employees to recognize phishing and BEC attacks and to report suspicious domains.

Cyware Publisher
