There's a Rash of Scam Spam Coming From a Real Microsoft Address

There are reports that a legitimate Microsoft email address -- which Microsoft explicitly says customers should add to their allow list -- is delivering scam spam. ArsTechnica: The emails originate from no-reply-powerbi@microsoft.com, an address tied to Power BI. The Microsoft platform provides analytics and business intelligence from various sources that can be integrated into a single dashboard. Microsoft documentation says that the address is used to send subscription emails to mail-enabled security groups. To prevent spam filters from blocking the address, the company advises users to add it to allow lists.

According to an Ars reader, the address on Tuesday sent her an email claiming (falsely) that a $399 charge had been made to her. âoeIt provided a phone number to call to dispute the transaction. A man who answered a call asking to cancel the sale directed me to download and install a remote access application, presumably so he could then take control of my Mac or Windows machine (Linux wasn't allowed)," she said.

Online searches returned a dozen or so accounts of other people reporting receiving the same email. Some of the spam was reported on Microsoft's own website. Sarah Sabotka, a threat researcher at security firm Proofpoint, said the scammers are abusing a Power Bi function that allows external email addresses to be added as subscribers for the Power Bi reports. The mention of the subscription is buried at the very bottom of the message, where it's easy to miss.

MS Licenses...

[nwaack]

are basically a scam anyways...I'm surprised people are able to tell the difference ;-)

Re:MS Licenses...[Is there a charge?]

[shanen]

Rather weak FP, but at least it includes a hint of a solution. I don't know such details, but if the MS license includes any kind of cost, then it won't scale for mass scam, which is a tiny step forward.

However my negative sentiments towards Microsoft are so strong that I am not much motivated to RTFA or even click on a link for the sake of learning more. Microsoft's reputation (in my eyes, for whatever they are worth) is not being helped by Microsoft Secrets by Cusamano and Selby.

Oh yeah, the story topic

Re:

[cascadingstylesheet]

If "we" really wanted to stop the scamming spammers, then I think it could be done.

Well, long prison sentences might help. And perhaps large fines for any network delivering spam. Big tariffs for countries allowing it to be sent?

Let's get creative. We obviously haven't taken it very seriously, yet.

How can the large numbers of spam haters be placed between the scammers and their suckers to shift the profits into losses?

By electing people who pass laws mandating long prison sentences for spam?

Re:

[shanen]

You seem to have a thing about prisons, but it reminds me of some scammers who were operating out of a prison. Actually an immigrant detention facility in a nearby country, though I'd have to dig up the details. You can say it's a minor league prison, but they had worked out quite an interesting system of bribing the guards to overlook such trivia as burner phones smuggled into the prison for running their real business back in Japan. I remember that the crimes involved fraud, but again I'd have to dig up t

Re:

[cascadingstylesheet]

You seem to have a thing about prisons

About them being a good place for criminals to live? Sure.

Re:

[shanen]

ACK but close to NAK.

Re:

[nwaack]

Didn't even realize this was an FP. But thanks for pointing out the fact that you found it not up to your standards of quality. I'll be sure to keep your delicate sensibilities in mind next time I post something to /.

It makes me sad that people like you exist

Re:

[shanen]

NAK

scam detection: instructions to cancel

[d4fseeker]

If there are clear actionable instructions how to complain or cancel a charge, it's a scam. (Nearly) all other businesses do their best to confuse and complicate cancellation

Re:

[anoncoward69]

For now. However there have been some rumblings of laws to make cancellation just as easy as sign up.

Re:

[anoncoward69]

Some companies have also voluntarily made it easier to cancel as well. Probably one of the worst in recent memory i've had with canceling is SiriusXM, You try and cancel and they keep pushing free months of service on you. Years ago I when I tried to cancel the service it was such a pain in the ass it was just easier to reach out to my credit card company, tell them I lost the card and I got a new one issued with new #. Sirius kept trying to auto bill the old one and kept mailing notices for 6 months that t

Re:

[tlhIngan]

If there are clear actionable instructions how to complain or cancel a charge, it's a scam. (Nearly) all other businesses do their best to confuse and complicate cancellation

Or how many e-commerce places give you instructions on how to cancel or reverse your order in the order confirmation email?

it's like "Oh, you just bought this from us! Here's how to cancel your order if you clicked "Buy Now" by mistake!". Even at a store how often does the proprietor tell you the return policy without being asked?

The fa

Re:

[shanen]

I wish you had included sufficient context to relate your joke to the story. (Only Funny on another high-potential topic.) However I'm still not interested enough to RTFA, so it's mostly my own fault?

However on the topic of cancellation instructions, I have an amusing anecdote to share about Rakuten Mobile, my primary phone company and formerly my primary data company. I've actually had five contracts with RM, but have now cancelled four of them. The two most recent cancellations were exceedingly painful an

That's hilarious!

[Murdoch5]

Multiple red flags:

1. PowerBI?

What are you doing with PowerBI? PowerBI is analytics for people who don't understand numbers, or what a data point is. PowerBI is about making “pretty pictures” you can look at to fake competence. If you're using PowerBI as an analytics tool, you're not interested in analytics, you're interest “pretty pictures”, free from any form of data understanding or insight.

2. Microsoft!

On their best day, they can't send an email that doesn't look like

Normal Situation

[omnichad]

External CCs seemingly being allowed without verification is problem #1. Problem #2 is that email forwarding is still implicitly trusted. There is no reason a scammer should be able to sign up for a real service, and redirect the emails to their email address to your own. But mail forwarding is an established thing that mail providers are scared of breaking for some reason.

The current biggest delivery methods of scam emails is hijacking legitimate transactional emails from major providers. This is why y

No on whitelisting

[jhoegl]

I typically do not allow whitelists on my servers. Anti-spam/anti-phish stops working with them, so I say no a lot.

Instead I tell them, until we have an issue, nothing will be done. If an issue comes up, then we address the issue. Whitelisting is last resort stuff.

Spoofing?

[Tony Isaac]

It's easy to spoof a from address. It's not clear whether that's what's happening here.

Did the emails pass DKIM/SPF checks?

Lots of unanswered questions.

Re:

[Anonymous Coward]

The email was genuinely coming from Microsoft. The original problem was that scammers were able to subscribe anybody to a Power BI report and include text of their choice in the email generated by Microsoft.

Anything ...

[cascadingstylesheet]

... that allows "invitations", and customizing, or even just adding to, the invite message, can result in scam email sent from very real email addresses of trusted entities.

This is not new. Never click the link in the email, never call the number in the email. And most of all, never rush; carefully read it, think about it, see if it even makes sense ("hmm, what's this weird invitation thing at the bottom?"), and if you feel you must follow up on it, do so through completely independent and verifiable channels.

Built-in spam

[kackle]

Our company uses Outlook 365 for email; I got my first in-client ad in the form of an email yesterday, asking me to consider using Microsoft's Copilot. Ugh.