Beware! That Microsoft email is genuine, but it’s also a scam  | amznusa.com

Microsoft users are reporting a particularly difficult-to-detect scam: phishing emails sent from a genuine Microsoft email address that’s classified as “trustworthy” by the company itself.

The emails appear to be official, but they’re demanding high-value payments and leading victims straight into a scam trap.

Beware of scam emails from an official Microsoft email address

The scam emails are being sent from no-reply-powerbi@microsoft.com, a genuine Microsoft address used for Power BI notifications (Power BI is Microsoft's analytics and reporting service). On a support page, Microsoft even explicitly recommends allowlisting this sender address so that important system messages aren't blocked by your spam filter.

Cybercriminals are now exploiting this trust. According to Ars Technica, the scam emails claim that an unauthorized charge, usually between $400 and $700, has been made to the recipient's account. To stop the supposed payment, recipients are asked to call a specified telephone number as quickly as possible, a classic pressure tactic designed to provoke a hasty reaction and one of the biggest red flags of a phishing email.

Anyone who dials the number is connected to someone impersonating a Microsoft employee, who asks the recipient to install remote access software to "fix" the problem. In reality, this gives the scammer complete control of the victim's computer, allowing them to spy on activity, steal data, and install further malware.

In other words, the actual fraud doesn't happen in the email but in the telephone call that follows. That makes it considerably harder for spam filters to catch automatically.

How scammers are misusing Microsoft Power BI to trick victims

The whole attack relies on a legitimate Power BI feature. When sharing a dashboard, any email address can be added as a recipient, and Power BI then automatically sends a notification to those addresses from the official Microsoft address.

The crucial point is that the text of this notification can be freely written by whoever sends the invitation. Cybercriminals therefore only need a list of valid recipient addresses to send deceptively genuine-looking payment alerts: the email technically comes from Microsoft, but its wording is completely controlled by the attacker. The only indication that the message is merely an invitation to a Power BI dashboard sits at the very end, where it is easy to overlook.

Security researchers point out that the method is particularly effective because the email contains no malicious links or attachments and the sender domain is considered trustworthy. Because the message really was sent by Microsoft's infrastructure, sender-authentication checks such as SPF and DKIM pass as well, so a filter has to judge the message by its content rather than its origin.
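Since the sender address and domain are genuine, the only thing left to inspect is the body. The following Python script is an added example, not code from the article, Ars Technica or Microsoft: it parses a message with the standard library `email` module and scores the combination the article describes (a money amount in a billing context, a phone number to call, urgency wording, and a Power BI share-invitation footer that contradicts the rest of the text). Both sample messages are constructed for illustration, the phone number and amount are made up, and the regular expressions and keyword lists are assumptions a practitioner would tune for their own mail stream.

```python
import re
from email import message_from_string
from email.message import Message
from email.utils import parseaddr

# Constructed sample shaped like the scam the article describes: genuine
# Power BI sender, attacker-written "unauthorized charge" text, and the real
# invitation wording only at the very end. Not a real captured message.
SAMPLE_SCAM = """\
From: Microsoft Power BI <no-reply-powerbi@microsoft.com>
To: victim@example.com
Subject: Alert: unauthorized charge of $499.00 detected
Content-Type: text/plain; charset="utf-8"

We detected a charge of $499.00 on your Microsoft account that you did not
authorize. To cancel this payment immediately, call our billing team at
+1 (555) 013-7788 within 24 hours.

Thank you,
Microsoft Billing

You have been invited to view a Power BI dashboard. Open it in Power BI.
"""

# Constructed sample of a legitimate share notification from the same sender.
SAMPLE_BENIGN = """\
From: Microsoft Power BI <no-reply-powerbi@microsoft.com>
To: analyst@example.com
Subject: Alice shared the Q3 Sales dashboard with you
Content-Type: text/plain; charset="utf-8"

Alice Example has shared a Power BI dashboard with you.
Open it in Power BI to see the latest Q3 sales figures.
"""

TRUSTED_SENDER = "no-reply-powerbi@microsoft.com"

# Heuristics (assumptions, not Microsoft's or any vendor's rules).
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
MONEY_RE = re.compile(r"\$\s?\d{2,5}(?:[.,]\d{2})?")
BILLING_WORDS = ("charge", "payment", "invoice", "billing", "refund", "subscription")
URGENCY_WORDS = ("immediately", "within 24 hours", "as soon as possible", "urgent", "cancel")
INVITE_WORDS = ("invited to view", "shared a power bi", "open it in power bi")


def body_text(msg: Message) -> str:
    """Return the decoded text/plain body (first text part for multipart)."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    for part in parts:
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            return raw.decode(part.get_content_charset() or "utf-8", "replace")
    return ""


def analyze(raw_message: str) -> dict:
    """Score one RFC 822 message for the callback-scam pattern."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    text = (msg.get("Subject", "") + "\n" + body_text(msg)).lower()

    indicators = []
    if PHONE_RE.search(text):
        indicators.append("phone")          # asks the reader to call a number
    if MONEY_RE.search(text) and any(w in text for w in BILLING_WORDS):
        indicators.append("charge")         # money amount in a billing context
    if any(w in text for w in URGENCY_WORDS):
        indicators.append("urgency")        # pressure to act right now
    is_invite = any(w in text for w in INVITE_WORDS)
    if is_invite and ("phone" in indicators or "charge" in indicators):
        indicators.append("invite_mismatch")  # share invitation that talks about payments

    # The sender being trusted is recorded but deliberately not used to
    # clear the message: that is exactly the trust the scam abuses.
    verdict = "callback-scam" if {"phone", "charge"} <= set(indicators) else "ok"
    return {
        "sender": sender,
        "trusted_sender": sender == TRUSTED_SENDER,
        "indicators": indicators,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for name, sample in (("scam", SAMPLE_SCAM), ("benign", SAMPLE_BENIGN)):
        print(name, analyze(sample))
```

The verdict hinges on the pairing of a phone number with a billing amount, which is the defining feature of the scam the article describes, while urgency wording and the misplaced invitation footer raise confidence. Running the script prints both verdicts; the benign share notification from the same trusted sender is left alone.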

Most of the reports so far have come from the US. However, it’s likely that this will spread to other regions, as similar attempts at abuse have been seen on other large platforms in the past.

What you should do

To stay safe, remain particularly vigilant against phishing scams:

  • Double-check all payment requests carefully, even if the sender’s email address appears to be genuine.
  • Read the email completely from start to finish.
  • Don’t call any telephone numbers from unsolicited emails.
  • Never install remote access software at the request of someone who contacts you unsolicited by email or telephone claiming to be support.
  • Only settle outstanding invoices via your official Microsoft account or through verified support channels.

As a general rule, Microsoft doesn't phone users or ask for remote access to their computers in order to sort out unauthorized charges.


This article is written by: Fady Askharoun Samy Askharoun

All Rights Reserved to Amznusa www.amznusa.com
