There are reports that a legitimate Microsoft email address – which Microsoft clearly says customers should add to their allowed list – is delivering scam spam.
The emails come from no-reply-powerbi@Microsoft.com, which is the address associated with Power BI. The Microsoft platform provides analytics and business intelligence from a variety of sources that can be integrated into a single dashboard. Microsoft documentation says the address is used to send subscription emails to mail-enabled security groups. To prevent the address from being blocked by spam filters, the company recommends users to add it to allow lists.
From Microsoft, with malice
According to an Ars reader, an email was sent to him at the address on Tuesday claiming (falsely) that he had been charged $399. It provided a phone number to call to dispute the transaction. A man who answered the call with a request to cancel the sale instructed me to download and install a remote access application, presumably so he could take control of my Mac or Windows machine (Linux was not allowed). The email captured in the two screenshots below looked like this:
Online searches returned a dozen or more accounts of other people who reported receiving similar emails. Some of the spam was reported on Microsoft’s own website.
Sarah Subotka, a threat researcher at security firm Proofpoint, said scammers are abusing the Power Bee function that allows external email addresses to be added as subscribers to Power Bee reports. The subscription mention is hidden at the very bottom of the message, where it’s easy to miss. The researcher explained:
<a href