There's a Rash of Scam Spam Coming From a Real Microsoft Address (arstechnica.com)
- Reference: 0180679606
- News link: https://it.slashdot.org/story/26/01/28/1849206/theres-a-rash-of-scam-spam-coming-from-a-real-microsoft-address
- Source link: https://arstechnica.com/information-technology/2026/01/theres-a-rash-of-scam-spam-coming-from-a-real-microsoft-address/
> The emails originate from no-reply-powerbi@microsoft.com, an address tied to Power BI. The Microsoft platform provides analytics and business intelligence from various sources that can be integrated into a single dashboard. Microsoft documentation says that the address is used to send subscription emails to mail-enabled security groups. To prevent spam filters from blocking the address, the company advises users to add it to allow lists.
>
> According to an Ars reader, the address on Tuesday sent her an email claiming (falsely) that a $399 charge had been made to her. âoeIt provided a phone number to call to dispute the transaction. A man who answered a call asking to cancel the sale directed me to download and install a remote access application, presumably so he could then take control of my Mac or Windows machine (Linux wasn't allowed)," she said.
>
> Online searches returned a dozen or so accounts of other people reporting receiving the same email. Some of the spam was reported on Microsoft's own website. Sarah Sabotka, a threat researcher at security firm Proofpoint, said the scammers are abusing a Power Bi function that allows external email addresses to be added as subscribers for the Power Bi reports. The mention of the subscription is buried at the very bottom of the message, where it's easy to miss.
[1] https://arstechnica.com/information-technology/2026/01/theres-a-rash-of-scam-spam-coming-from-a-real-microsoft-address/
scam detection: instructions to cancel (Score:3)
If there are clear actionable instructions how to complain or cancel a charge, it's a scam. (Nearly) all other businesses do their best to confuse and complicate cancellation
Re: (Score:2)
For now. However there have been some rumblings of laws to make cancellation just as easy as sign up.
Re: (Score:2)
Some companies have also voluntarily made it easier to cancel as well. Probably one of the worst in recent memory i've had with canceling is SiriusXM, You try and cancel and they keep pushing free months of service on you. Years ago I when I tried to cancel the service it was such a pain in the ass it was just easier to reach out to my credit card company, tell them I lost the card and I got a new one issued with new #. Sirius kept trying to auto bill the old one and kept mailing notices for 6 months that t
Re: (Score:2)
> If there are clear actionable instructions how to complain or cancel a charge, it's a scam. (Nearly) all other businesses do their best to confuse and complicate cancellation
Or how many e-commerce places give you instructions on how to cancel or reverse your order in the order confirmation email?
it's like "Oh, you just bought this from us! Here's how to cancel your order if you clicked "Buy Now" by mistake!". Even at a store how often does the proprietor tell you the return policy without being asked?
The fa
That's hilarious! (Score:2)
Multiple red flags:
1. PowerBI?
What are you doing with PowerBI? PowerBI is analytics for people who don't understand numbers, or what a data point is. PowerBI is about making “pretty pictures” you can look at to fake competence. If you're using PowerBI as an analytics tool, you're not interested in analytics, you're interest “pretty pictures”, free from any form of data understanding or insight.
2. Microsoft!
On their best day, they can't send an email that doesn't look like
Normal Situation (Score:2)
External CCs seemingly being allowed without verification is problem #1. Problem #2 is that email forwarding is still implicitly trusted. There is no reason a scammer should be able to sign up for a real service, and redirect the emails to their email address to your own. But mail forwarding is an established thing that mail providers are scared of breaking for some reason.
The current biggest delivery methods of scam emails is hijacking legitimate transactional emails from major providers. This is why y
No on whitelisting (Score:4, Insightful)
I typically do not allow whitelists on my servers. Anti-spam/anti-phish stops working with them, so I say no a lot.
Instead I tell them, until we have an issue, nothing will be done. If an issue comes up, then we address the issue. Whitelisting is last resort stuff.
Spoofing? (Score:2)
It's easy to spoof a from address. It's not clear whether that's what's happening here.
Did the emails pass DKIM/SPF checks?
Lots of unanswered questions.
MS Licenses... (Score:2)
are basically a scam anyways...I'm surprised people are able to tell the difference ;-)
Re:MS Licenses...[Is there a charge?] (Score:2)
Rather weak FP, but at least it includes a hint of a solution. I don't know such details, but if the MS license includes any kind of cost, then it won't scale for mass scam, which is a tiny step forward.
However my negative sentiments towards Microsoft are so strong that I am not much motivated to RTFA or even click on a link for the sake of learning more. Microsoft's reputation (in my eyes, for whatever they are worth) is not being helped by Microsoft Secrets by Cusamano and Selby.
Oh yeah, the story topic