This Phishing Scam Comes From a Real Microsoft Email Address.

As scammers continue to find ways to impersonate well-known brands, users should be wary of spam-like emails—even if they appear to be sent from a legitimate company.

Ars Technica has uncovered a scheme that exploits Microsoft’s opt-in feature to send phishing emails from [email protected]—a legitimate address that the company recommends users add to their approved sender lists.

How the Microsoft Power BI Scam Works

Users who fell victim to this scam received emails from an address associated with Microsoft Power BI, a business analytics platform. The messages contained (fake) receipts for large payments from services such as PayPal, Norton LifeLock, and Microsoft 365, along with a phone number to dispute the transaction.


Scammers on the other end of the line may try to convince you to install a remote access app that allows them to hijack your device or otherwise access personal information. As with any phishing scam, any participation—calling the number provided, responding to an email, or clicking links—can put your data and device at risk.


The emails themselves are riddled with typos and grammatical errors, as well as calls to action that, in most cases, are completely unrelated to Microsoft. Many users, having spotted these warning signs, would immediately know to simply delete the message. However, scammers rely on users’ trust in the brands they impersonate, as well as scare tactics, to lure some into their trap.
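The pattern described above (a trusted notification sender carrying a third-party "receipt" plus a phone number to call) is exactly what an approved-sender list cannot catch on its own. The following is an added example, not code from the article or from Microsoft; the sender domain, the allowlist and the keyword lists are assumed placeholders, and both messages are constructed.

```python
import re
from email import message_from_string

# Constructed sample messages for this example; the sender domain is a
# placeholder and not Microsoft's real notification address.
SAMPLE_SCAM = """\
From: Power BI <no-reply@powerbi.example>
Subject: Receipt for your PayPal payment

Thank you for purchasing Norton LifeLock. $499.99 has been charged.
To dispute the transaction call +1 (555) 010-9999 within 24 hours.
"""

SAMPLE_LEGIT = """\
From: Power BI <no-reply@powerbi.example>
Subject: Your weekly Sales dashboard is ready

The report "Sales by region" was refreshed successfully.
"""

# Senders the organization has allowlisted (assumed for this example).
TRUSTED_SENDERS = {"no-reply@powerbi.example"}
# Brands this sender would never bill on behalf of (assumed list).
UNRELATED_BRANDS = ("paypal", "norton", "lifelock", "microsoft 365")
PAYMENT_WORDS = ("receipt", "invoice", "charged", "payment", "transaction", "dispute")
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{7,}\d")
ADDR_RE = re.compile(r"<([^>]+)>")

def analyze(raw: str) -> dict:
    """Flag the callback-scam pattern regardless of sender reputation."""
    msg = message_from_string(raw)
    m = ADDR_RE.search(msg.get("From", ""))
    sender = (m.group(1) if m else msg.get("From", "")).lower()
    text = (msg.get("Subject", "") + "\n" + msg.get_payload()).lower()
    flags = {
        "trusted_sender": sender in TRUSTED_SENDERS,
        "unrelated_brand": any(b in text for b in UNRELATED_BRANDS),
        "payment_language": any(w in text for w in PAYMENT_WORDS),
        "callback_number": bool(PHONE_RE.search(text)),
    }
    # A third-party receipt plus a phone number is the combination the article
    # describes; the sender being trusted does not clear it.
    flags["suspicious"] = (flags["unrelated_brand"] and flags["payment_language"]
                           and flags["callback_number"])
    return flags

if __name__ == "__main__":
    for name, raw in (("scam", SAMPLE_SCAM), ("legit", SAMPLE_LEGIT)):
        print(name, analyze(raw))
```

Both messages pass the sender check; only the content flags separate them, which is the check a mail filter needs in addition to the allowlist.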

This is far from the first phishing scheme of this kind: attackers have sent malicious emails from legitimate PayPal and Google addresses (to name just two examples), exploiting similar weaknesses. In the case of PayPal, notifications of fraudulent purchases sent from the address service[at]paypal[dot]com abused the platform’s subscription payment feature. In the case of Google, the scammers registered google.com subdomains through Google Sites and linked them to Google accounts.
