Scam emails sent from legitimate Power BI address no-reply-powerbi@microsoft.com
A legitimate Microsoft email address, no-reply-powerbi@microsoft.com — which Microsoft says customers should add to their allow list — is being used to deliver scam spam, Ars Technica reports. An Ars reader said she received such an email on Tuesday. The address is tied to Power BI, Microsoft’s analytics and business intelligence platform.
Microsoft documentation says the address is used to send subscription emails to mail-enabled security groups and advises users to add it to allow lists to prevent spam filters from blocking it. The Ars reader’s message falsely claimed a $399 charge and provided a phone number to dispute the transaction.
A man who answered that number directed the Ars writer to download and install a remote access application, apparently so he could take control of her Mac or Windows machine; the message said Linux wasn’t allowed. Online searches turned up a dozen or so other reports of the same email, and some people posted reports on Microsoft’s own website.
Sarah Sabotka, a threat researcher at Proofpoint, said scammers are abusing a Power BI function that allows external email addresses to be added as subscribers for Power BI reports. She said the subscription mention is buried at the bottom of the message, where it’s easy to miss. What is known is that the messages come from a legitimate Power BI address, that they appear to exploit Power BI’s subscription feature, and that Microsoft documentation recommends allow-listing the address.
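Because the sender is genuine and allow-listed, a sender check alone passes these messages. The following is an added example, not from Ars Technica, Proofpoint or Microsoft, of a content check that mail from this address could still go through. The signal patterns, the `triage` function and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

POWERBI_SENDER = "no-reply-powerbi@microsoft.com"  # address named in the article

# Heuristic signals (assumptions for illustration; tune against your own mail).
SIGNALS = {
    "money_amount": re.compile(r"[$€£]\s?\d[\d,]*(?:\.\d{2})?"),
    "phone_number": re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]\d{3}[\s.-]\d{4}"),
    "billing_terms": re.compile(r"\b(?:charge[ds]?|invoice|refund|dispute|transaction)\b", re.I),
}

def triage(raw: str) -> dict:
    """Classify one RFC 5322 message; an allow-listed sender does not skip content checks."""
    msg = message_from_string(raw, policy=policy.default)
    # Header value only; a real filter would also rely on SPF/DKIM/DMARC results.
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    if sender != POWERBI_SENDER:
        return {"verdict": "not-applicable", "signals": []}
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    hits = [name for name, rx in SIGNALS.items() if rx.search(text)]
    # A callback number plus a payment claim is the pattern the article describes.
    suspicious = "phone_number" in hits and len(hits) >= 2
    return {"verdict": "hold-for-review" if suspicious else "deliver", "signals": hits}

# Constructed samples, not copies of real messages; 555-01xx numbers are fictional.
SCAM_LIKE = """\
From: Microsoft Power BI <no-reply-powerbi@microsoft.com>
To: user@example.com
Subject: Order confirmation

Your account was charged $399.00. To dispute this transaction call (555) 010-0199.

You are receiving this email because you are subscribed to a Power BI report.
"""
BENIGN = """\
From: Microsoft Power BI <no-reply-powerbi@microsoft.com>
To: user@example.com
Subject: Weekly Sales

Here is the scheduled snapshot of the Weekly Sales report. Revenue: $1,200.
"""

if __name__ == "__main__":
    for label, raw in (("scam-like", SCAM_LIKE), ("benign", BENIGN)):
        print(label, triage(raw))
```

A report that only mentions a currency figure is still delivered; the hold is triggered by a phone number combined with a payment claim.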