Researchers have found two ongoing phishing campaigns utilizing Microsoft’s Azure Blob Storage in order to steal recipient’s Outlook and Microsoft account credentials. Both of these phishing landing pages use convincing landing pages that utilize SSL certificates and the windows.net domain to appear legitimate. The campaigns were discovered by the researchers at email security firm Edgewave who shared them with BleepingComputer.com prior to publishing their report. The first phishing email campaign is asking recipients to login to their Office 365 account to update information. The second phishing campaign is used to try and steal a user’s Microsoft account.
Source: https://www.bleepingcomputer.com/news/security/outlook-and-microsoft-account-phishing-emails-utilize-azure-blob-storage/