Microsoft users are reporting a particularly difficult-to-detect scam: phishing emails sent from a genuine Microsoft email address that’s classified as “trustworthy” by the company itself.
The emails appear to be official, but they’re demanding high-value payments and leading victims straight into a scam trap.
Beware of scam emails from an official Microsoft email address
The scam emails are being sent from no-reply-powerbi@microsoft.com, a genuine Microsoft address used for notifications from Power BI (Microsoft's data analysis and reporting service). On a Microsoft support page, the company even explicitly recommends adding this sender address to your allow list so that important system messages aren't caught by the spam filter.
Cybercriminals are now exploiting this trust. According to reporting by Ars Technica, the scam emails claim that an unauthorized charge, usually between $400 and $700 USD, has been made to the recipient's account. To stop the supposed payment, recipients are told to call a specified telephone number as quickly as possible, a classic pressure tactic designed to provoke a hasty reaction and one of the biggest red flags of a phishing email.
Anyone who dials the number is connected to someone impersonating a Microsoft employee, who asks the victim to install remote access software to "fix" the problem. In reality, this gives the scammer full control of the victim's computer, allowing them to monitor activity, steal data, and install further malware.
In other words, the actual scam doesn't take place via email but during the telephone call that follows. Because the email itself carries no malicious payload, it is considerably harder for spam filters to detect automatically.
How scammers are misusing Microsoft Power BI to trick victims
The whole phishing attack is made possible by a legitimate feature of Microsoft Power BI. When sharing a dashboard, the owner can add any email address as a recipient. Power BI then automatically sends a notification to each of those addresses from the official Microsoft sender.
The crucial point is that the sharer can include a free-text message, and that text is placed in the notification email. Cybercriminals therefore only need a list of valid recipient addresses to send deceptively genuine-looking payment alerts. Although the email technically comes from Microsoft, the body text is completely controlled by the attacker. The only indication that the message is merely an invitation to a Power BI dashboard appears at the very end, where it is easy to overlook.
Security researchers point out that this method is particularly effective because the email contains no malicious links or attachments, and because the message really is sent by Microsoft, it passes the usual sender-authentication checks (SPF, DKIM and DMARC) and the sender domain is treated as trustworthy.
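Because the sender, the infrastructure and the links are all legitimate, a mail filter has to look at the attacker-controlled message text itself. The following triage script is an added example written for this article, not Microsoft's code or a published detection rule. It parses Power BI notification emails and flags the combination that a genuine dashboard invitation has no reason to contain: a currency amount, a phone number and urgency language. The two sample messages and the regular expressions are constructed assumptions for the demo; tune the patterns to your own traffic before using them.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# The legitimate Power BI notification sender named in the article.
POWERBI_SENDER = "no-reply-powerbi@microsoft.com"

# Heuristic indicators (assumptions for this example, not a vendor signature).
AMOUNT_RE = re.compile(r"(?:\$|USD\s?)\d{2,5}(?:\.\d{2})?")
PHONE_RE = re.compile(r"(?:\+1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
URGENCY_RE = re.compile(
    r"\b(?:immediately|as soon as possible|within 24 hours|call (?:us )?now)\b",
    re.I,
)

# Constructed sample messages (not real captured mail).
BENIGN_INVITE = """From: Microsoft Power BI <no-reply-powerbi@microsoft.com>
To: analyst@example.com
Subject: Dana shared a dashboard with you
Content-Type: text/plain; charset="utf-8"

Dana invited you to view the dashboard "Q3 Sales Overview".
Open it in Power BI to see the latest figures.
"""

SCAM_INVITE = """From: Microsoft Power BI <no-reply-powerbi@microsoft.com>
To: analyst@example.com
Subject: Payment confirmation
Content-Type: text/plain; charset="utf-8"

Your Microsoft account was charged $499.00 for an annual subscription.
If you did not authorize this payment, call +1 (800) 555-0142 immediately.

You have been invited to view a dashboard in Power BI.
"""


def message_text(msg) -> str:
    """Return the decoded text/plain content of an email.message.Message."""
    parts = (
        [p for p in msg.walk() if p.get_content_type() == "text/plain"]
        if msg.is_multipart()
        else [msg]
    )
    return "\n".join(
        p.get_payload(decode=True).decode(p.get_content_charset() or "utf-8", "replace")
        for p in parts
    )


def triage_powerbi_mail(raw: str) -> dict:
    """Score one raw RFC 822 message. Only the attacker-controlled body is
    inspected; sender and links are legitimate in this attack and tell us nothing."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    text = message_text(msg)

    indicators = []
    if AMOUNT_RE.search(text):
        indicators.append("currency_amount")
    if PHONE_RE.search(text):
        indicators.append("phone_number")
    if URGENCY_RE.search(text):
        indicators.append("urgency_language")

    from_powerbi = sender == POWERBI_SENDER
    # A dashboard invitation has no reason to carry a callback number together
    # with a dollar amount or urgency wording; that pairing is the scam's signature.
    quarantine = from_powerbi and "phone_number" in indicators and (
        "currency_amount" in indicators or "urgency_language" in indicators
    )
    return {
        "sender": sender,
        "from_powerbi": from_powerbi,
        "indicators": indicators,
        "quarantine": quarantine,
    }


if __name__ == "__main__":
    for name, raw in (("benign", BENIGN_INVITE), ("scam", SCAM_INVITE)):
        print(name, triage_powerbi_mail(raw))
```

Run this as a post-delivery check, after the allow list Microsoft recommends has already accepted the sender: the point is that an allow-listed sender can still carry attacker-written text, so the allow list should exempt the address from reputation blocking, not from content inspection.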
Most of the reports so far have come from the US. However, it’s likely that this will spread to other regions, as similar attempts at abuse have been seen on other large platforms in the past.
What you should do
To stay safe, remain particularly vigilant against phishing scams:
- Double-check all payment requests carefully, even if the sender’s email address appears to be genuine.
- Read the email completely from start to finish.
- Don’t call any telephone numbers from unsolicited emails.
- Never install remote access software because someone claiming to be support asked you to, whether by email or over the phone.
- Only settle outstanding invoices via your official Microsoft account or through verified support channels.
As a general rule, Microsoft does not phone users or ask for remote access to their computers in order to resolve or collect payment for unauthorized charges.
This article was written by: Nermeen Nabil Khear Abdelmalak
All rights reserved to USAGoldMines. www.usagoldmines.com
