Bing Ads Exploited in Sophisticated Azure-Based Tech Support Scams
A recent wave of tech support scams has emerged, leveraging Bing search advertisements to deceive users into visiting fraudulent pages hosted on Microsoft Azure Blob Storage. This campaign has impacted 48 organizations across the United States, spanning sectors such as healthcare, manufacturing, and technology. The attack commenced on February 2, 2026, at approximately 16:00 UTC, rapidly gaining traction due to its strategic placement within legitimate search results.
Attack Methodology
The attackers employed a cunning strategy by targeting users conducting routine searches. For instance, individuals searching for common terms like amazon encountered malicious advertisements prominently displayed in Bing’s search results. Clicking on these ads redirected users to highswit[.]space, a newly registered domain hosting an empty WordPress site. This intermediary step served as a conduit, automatically forwarding users to Azure Blob Storage containers where the actual scam pages resided.
Infrastructure and Technical Details
Security researchers identified a consistent pattern in the malicious URLs, indicating a standardized deployment method. Each fraudulent link included an Azure Blob Storage container, a random string identifier, a fixed path werrx01USAHTML/index.html, and a phone number parameter instructing victims whom to call. The scammers utilized multiple phone numbers, including 1-866-520-2041, 1-833-445-4045, 1-855-369-0320, 1-866-520-2173, and 1-833-445-3957.
The scam pages were meticulously crafted to mimic legitimate Microsoft security warnings, displaying fake alerts about Trojan spyware infections and system vulnerabilities. These pages instilled a sense of urgency, prompting victims to contact the provided phone numbers for technical support. Once contacted, scammers attempted to gain remote access to victims’ computers or extract financial information under the guise of resolving non-existent issues.
Broader Context and Similar Incidents
This incident is part of a broader trend where cybercriminals exploit legitimate platforms and services to conduct fraudulent activities. For example, previous campaigns have utilized Bing search advertisements to distribute weaponized versions of popular software like PuTTY and Microsoft Teams, leading to malware infections and unauthorized access to systems. In one such case, attackers used malicious Bing ads to direct users to fake Microsoft Teams download pages, resulting in malware installations on Windows systems. ([cybersecuritynews.com](https://cybersecuritynews.com/fake-microsoft-teams-page-drops-malware-on-windows/?utm_source=openai))
Additionally, there have been instances where cybercriminals impersonated Microsoft technical support services, targeting individuals through sophisticated phishing campaigns. These scams often involve fake security alerts and deceptive tactics to convince victims to provide sensitive information or grant remote access to their devices. ([cybersecuritynews.com](https://cybersecuritynews.com/new-tech-support-scam-with-microsofts-logo/?utm_source=openai))
Recommendations and Preventive Measures
To protect against such scams, users are advised to:
– Be Cautious with Search Ads: Avoid clicking on search advertisements, especially when searching for well-known brands or services. Instead, navigate directly to official websites by typing the URL into the browser.
– Verify Website Authenticity: Before entering any personal information, ensure the website is legitimate by checking the URL for correct spelling and looking for HTTPS encryption.
– Be Skeptical of Unsolicited Alerts: Be wary of unexpected security warnings or pop-ups urging immediate action, particularly those requesting remote access or personal information.
– Use Reputable Security Software: Install and maintain up-to-date antivirus and anti-malware software to detect and prevent malicious activities.
– Educate and Train Employees: Organizations should provide regular training to employees about recognizing and responding to phishing attempts and tech support scams.
By staying informed and adopting these preventive measures, individuals and organizations can reduce the risk of falling victim to such sophisticated scams.
