There is a rash of scam spam coming from an actual Microsoft address



There are reports that a legitimate Microsoft email address—which Microsoft explicitly says customers should add to their allow list—is delivering scam spam.

The emails originate from no-reply-powerbi@microsoft.com, an address tied to Power BI. The Microsoft platform provides analytics and business intelligence from various sources that can be integrated into a single dashboard. Microsoft documentation says that the address is used to send subscription emails to mail-enabled security groups. To stop spam filters from blocking the address, the company advises users to add it to allow lists.

From Microsoft, with malice

According to an Ars reader, the address on Tuesday sent her an email claiming (falsely) that a $399 charge had been made to her. It provided a phone number to call to dispute the transaction. A person who answered a call asking to cancel the sale directed me to download and install a remote access application, presumably so he could then take control of my Mac or Windows machine (Linux wasn’t allowed). The email, captured in the two screenshots below, looked like this:

Online searches returned a dozen or so accounts of other people reporting that they had received the identical email. Some of the spam was reported on Microsoft’s own website.

Sarah Sabotka, a threat researcher at security firm Proofpoint, said the scammers are abusing a Power BI function that enables external email addresses to be added as subscribers for Power BI reports. The mention of the subscription is buried at the very bottom of the message, where it’s easy to miss. The researcher explained:


