How do scammers use Microsoft Power BI for fraudulent emails?

Scammers exploit a Power BI feature that allows external email addresses to subscribe to reports, using the trusted Microsoft domain to add credibility to their fraudulent messages.

What is the typical scam involving the no-reply-powerbi@microsoft.com email?

The scam emails falsely claim a charge has been made and provide a phone number. Scammers then direct victims to download remote access applications.

Home / Technology / Trusted Microsoft Email Used for Scams

Trusted Microsoft Email Used for Scams

Q: What legitimate Microsoft email address is being used for scams?

The legitimate Microsoft email address no-reply-powerbi@microsoft.com is being used by scammers to send fraudulent messages.

28 Jan

•

Summary

Legitimate Microsoft email address used to send scam messages.
Scammers exploit Power BI feature for sending fake charges.
Emails appear credible due to trusted Microsoft domain.

A legitimate Microsoft email address, no-reply-powerbi@microsoft.com, is being used by scammers to send fraudulent messages. This address is officially associated with Microsoft's Power BI service and is meant for legitimate subscription notifications. The scam emails falsely claim that a $399 charge has been made and provide a phone number for recipients to dispute the transaction.

During a phone interaction, scammers direct victims to download remote access applications, potentially allowing them to control the user's computer. Security researchers indicate that attackers exploit a Power BI feature allowing external email addresses to subscribe to reports. This abuse adds a layer of credibility, bypassing traditional email security by using a trusted domain and avoiding malicious links or attachments.

Disclaimer: This story has been auto-aggregated and auto-summarised by a computer program. This story has not been edited or created by the Feedzop team.