Facebook Ads Feed Tech Support Scam via Azure

A new cyber campaign is leveraging the facebook ads feed to deceive users and funnel them into a convincing tech support scam. Researchers at Gen Threat Labs have uncovered a three-step malvertising chain that begins when a user clicks a sponsored ad on Facebook. Instead of reaching a legitimate site, they’re rerouted to a fake Italian restaurant webpage. This decoy helps evade automated scanners before redirecting victims to a fraudulent tech support page hosted on Microsoft Azure’s web infrastructure.

The TSS landing page mimics urgent system alerts and urges users to call fake support numbers. Analysts noted the campaign targets U.S. users and operates mostly on weekdays, rotating more than 100 domains in one week to avoid blocks. By exploiting trusted platforms like Azure and layering redirections, the scammers complicate detection efforts.

Security teams should monitor for suspicious Azure traffic and users must stay alert when engaging with content in the facebook ads feed.

New 3 Step Malvertising Chain Abusing Facebook Paid Ads to Push Tech Support Scam Kit