Reports have emerged implicating a Microsoft email address in the distribution of scam spam, notwithstanding Microsoft's recommendation for users to add this address to their allow list.
The email source is no-reply-powerbi@microsoft.com, a Power BI-related address. Power BI is a Microsoft platform that facilitates analytics and business intelligence integration into unified dashboards. Microsoft guides its users to add this address to their allow lists to ensure they receive subscription emails sent to mail-enabled security groups without obstruction.
Deceptive Emails from Microsoft Domain
An Ars reader reported receiving an email from this address falsely stating that a $399 charge had occurred. The email provided a phone number for disputing the transaction. When the recipient called, the person who answered instructed her to download and install remote access software, seemingly to take control of her Mac or Windows computer; Linux systems were not targeted.
Online inquiries identified dozens of similar reports from other users encountering these emails. Some instances were even documented on Microsoft's official website.
Sarah Sabotka, a threat researcher with security company Proofpoint, clarified that scammers are exploiting a Power BI function allowing external emails to be added as subscribers to reports. This subscription mention is subtly placed at the email's bottom, making it easy to overlook.
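Because these messages arrive from an address that recipients are told to allow-list, a content check has to run on that sender's mail rather than skip it. The following Python is an added example, not code from the article, Microsoft or Proofpoint; the regex heuristics, function names and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

ALLOWLISTED = "no-reply-powerbi@microsoft.com"  # sender named in the article

# Heuristic patterns (assumptions; tune against your own mail flow).
MONEY = re.compile(r"[$€£]\s?\d[\d,]*(?:\.\d{2})?")
PHONE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]\d{3}[\s.-]\d{4}")
BILLING = re.compile(r"\b(charged?|dispute|refund|unauthori[sz]ed|invoice)\b", re.I)

def callback_signals(raw):
    """Return the callback-scam signals found in mail from the allow-listed sender."""
    msg = message_from_string(raw, policy=policy.default)
    if parseaddr(str(msg.get("From", "")))[1].lower() != ALLOWLISTED:
        return []  # other senders go through normal filtering
    part = msg.get_body(preferencelist=("plain", "html"))
    text = part.get_content() if part is not None else ""
    checks = (("money", MONEY), ("phone", PHONE), ("billing", BILLING))
    return [name for name, rx in checks if rx.search(text)]

def should_hold(raw):
    """Hold for review: a phone number plus a charge amount or billing language."""
    s = callback_signals(raw)
    return "phone" in s and ("money" in s or "billing" in s)

# Constructed sample messages, not real captures.
SCAM = (
    "From: Microsoft Power BI <no-reply-powerbi@microsoft.com>\n"
    "Subject: Order confirmation\n\n"
    "Your account was charged $399.00. To dispute this transaction, "
    "call +1 (555) 010-0199.\n"
)
BENIGN = (
    "From: Microsoft Power BI <no-reply-powerbi@microsoft.com>\n"
    "Subject: Weekly sales dashboard\n\n"
    "Your subscribed report is ready. Open it in Power BI.\n"
)

if __name__ == "__main__":
    print(should_hold(SCAM), should_hold(BENIGN))
```

A message that trips this check is a candidate for review, not proof of fraud; legitimate report subscriptions rarely combine a charge amount with a phone number to call.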