There are reports that a genuine Microsoft email address, one that Microsoft itself advises recipients to add to allow lists, has been used to deliver scam spam. The sender, no-reply-powerbi@microsoft.com, belongs to Power BI, a Microsoft service that offers analytics and dashboards assembled from various data sources. Official Microsoft documentation notes that this address is used to send subscription notices to mail-enabled security groups, and the guidance to allow-list it is meant to prevent legitimate messages from being blocked by filters.
Analysts say attackers are exploiting a legitimate Power BI feature that lets external email addresses subscribe to Power BI reports. The crucial “subscription” detail is tucked at the bottom of the message, making it easy to overlook. Security expert Sarah Sabotka of Proofpoint explains that scammers are abusing this function to impersonate legitimate Microsoft communications, complicating detection.
In one reported case, a recipient received a notice claiming a $399 charge had been made, with a phone number to call to dispute the transaction. When she spoke to a scam operator, he directed her to download a remote-access tool to take control of her computer, a tactic designed to facilitate fraud. Screenshots illustrating the supposed charge, included in the emails, were circulated by several Ars readers and in online discussions.
Ars Technica notes that multiple people have reported receiving similar messages, and some accounts have been posted on Microsoft’s own website. Security researchers at Cofense have previously highlighted campaigns that misuse Power BI to host phishing links, while Check Point has described abuse of Google Cloud platforms in similar schemes, underscoring a broader trend of trusted services being repurposed for fraud.
The broader takeaway is that even messages appearing to come from familiar, reputable senders can be part of scams, especially when they leverage legitimate features. Users should verify through official Microsoft channels and avoid acting on unsolicited notices. Organizations can reduce risk by educating users about this abuse of Power BI subscriptions and by monitoring for suspicious patterns in legitimate-looking emails.
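As an added example (not code from the report, from Microsoft or from any vendor named above), here is a small Python check a mail-security team could run on messages that arrive from the allow-listed Power BI address, scoring them for the callback-scam indicators described in the report: a currency amount, a phone number to call, and wording such as "charge" or "dispute". The regular expressions, the indicator word list and the sample message are constructed assumptions for illustration.

```python
import re
from email import message_from_string

# Sender address named in the report; Microsoft's documentation says it sends Power BI subscription notices.
POWERBI_SENDER = "no-reply-powerbi@microsoft.com"

# Indicator patterns are constructed for this example (assumptions, not taken from the report).
AMOUNT_RE = re.compile(r"\$\s?\d{1,3}(?:,\d{3})*(?:\.\d{2})?")
PHONE_RE = re.compile(r"(?<!\d)(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)")
CALLBACK_WORDS = ("call", "dispute", "charge", "charged", "refund", "cancel")


def _plain_text(msg):
    """Concatenate the decoded text/plain parts of a parsed message (single or multipart)."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def assess_powerbi_mail(raw):
    """Flag callback-scam indicators in mail that passes filters as a Power BI subscription notice."""
    msg = message_from_string(raw)
    text = (msg.get("Subject", "") + "\n" + _plain_text(msg)).lower()
    result = {"powerbi_sender": POWERBI_SENDER in msg.get("From", "").lower(), "reasons": [], "suspicious": False}
    if not result["powerbi_sender"]:
        return result  # out of scope: not the address that the allow-list guidance covers
    has_amount = bool(AMOUNT_RE.search(text))
    has_phone = bool(PHONE_RE.search(text))
    words = [w for w in CALLBACK_WORDS if re.search(rf"\b{w}\b", text)]
    if has_amount:
        result["reasons"].append("currency amount")
    if has_phone:
        result["reasons"].append("phone number")
    if words:
        result["reasons"].append("callback wording: " + ", ".join(words))
    # The report's pattern: a charge to dispute plus a number to call, inside a genuine subscription mail.
    result["suspicious"] = has_phone and (has_amount or bool(words))
    return result


# Constructed sample modelled on the $399 charge notice the report describes (not a real message).
SCAM_SAMPLE = """From: Microsoft Power BI <no-reply-powerbi@microsoft.com>
Subject: Your order has been charged $399.00

A charge of $399.00 was applied to your account.
To dispute this transaction call 1-800-555-0199 within 24 hours.
You are receiving this email because you subscribed to this Power BI report.
"""
```

A genuine subscription notice from the same sender, carrying only a report name and a link, produces no phone or amount hit and is left alone, so the check narrows review to the small set of allow-listed messages that look like a billing callback lure.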