The fraudsters are really like 50x more of a problem than what you're talking about in practice. Even if you _think_ you're the sort who will never go beyond free tier, circle back in 3 years and you've probably forced your employer or someone you consult for to start paying for stuff even if you still use free tier for your personal stuff. I call it the "Adobe effect" -- a reference to how in the early 2010s some Adobe insiders famously released some of their own pirated photoshop torrents, with, rumor has it, company approval, because they realized the kids pirating photoshop would convert to sales ~5 years later when they work for whatever company. Free converts very well even if it is in surprising / indirect ways.
The fraudsters and miners, however, are a whole other thing. They will suck up the maximum amount of resources they can and extract a tiny profit from it. It will inevitably cost you, the cloud provider, money, because mining typically isn't profitable without GPU compute anyway, so the entire profitiably of what they're doing is based on the fact that you are offering free electricity. It's a net loss, as these users will also probably never convert proportional to the usage they incur. Most users of free tier services use a tiny fraction of the available free resources within the tier. These guys will hover at 99.99% always, ruining the whole profitability model and dramatically increasing the cost of acquriing a customer via free tier.
A lot of cloud services (not just Azure, but certainly in Azure) are assigned a globally unique resource name, which also gets assigned a DNS name.
Domain squatters can walk the domain to find these services and keep an eye for if they lapse. (Sometimes this happens if a service needs to be recreated due to upgrade)
What a malicious user can do during that maintenance is trigger a deploy of the same service name now that it's available and snap it up. They can either shut down the VM or scale down the service to be sitting there and not costing them anything, and see if they can extract payment from their victim to release the domain (which might be hard coded somewhere). Worse yet, they could leave it as is and try and see what interesting traffic starts coming in and tinker with it.
The fraudsters and miners, however, are a whole other thing. They will suck up the maximum amount of resources they can and extract a tiny profit from it. It will inevitably cost you, the cloud provider, money, because mining typically isn't profitable without GPU compute anyway, so the entire profitiably of what they're doing is based on the fact that you are offering free electricity. It's a net loss, as these users will also probably never convert proportional to the usage they incur. Most users of free tier services use a tiny fraction of the available free resources within the tier. These guys will hover at 99.99% always, ruining the whole profitability model and dramatically increasing the cost of acquriing a customer via free tier.