Microsoft’s Own Email Address Caught Delivering Scam Spam—And It’s on Their Allow List

In a shocking twist that blurs the lines between legitimate communication and malicious phishing, a Microsoft-owned email address—one that the company explicitly tells customers to whitelist—has been caught delivering scam spam. The address in question, [email protected], is tied to Microsoft’s Power BI platform, a popular business intelligence tool that allows users to create interactive dashboards and reports.

The Setup: A Trusted Address Turned Trojan Horse

Power BI is designed to help businesses analyze data from multiple sources and present it in a unified dashboard. According to Microsoft’s own documentation, the [email protected] address is used to send subscription emails to mail-enabled security groups. To ensure these emails aren’t blocked by spam filters, Microsoft advises users to add the address to their allow lists.

However, this trusted status has now been exploited by scammers. An Ars Technica reader reported receiving an email from this address on Tuesday, falsely claiming that a $399 charge had been made to her account. The email included a phone number to call to dispute the transaction. When she called, a man on the other end directed her to download and install a remote access application, presumably to take control of her Mac or Windows machine (Linux users were explicitly excluded).

The Scam in Action

The email, which appeared to be a legitimate notification from Microsoft, looked like this:

[Insert screenshots of the scam email here]

Online searches revealed a dozen or so accounts of other people receiving the same email. Some of these reports were even posted on Microsoft’s own website, highlighting the widespread nature of the scam.

How the Scammers Are Abusing Power BI

Sarah Sabotka, a threat researcher at security firm Proofpoint, explained that the scammers are abusing a Power BI function that allows external email addresses to be added as subscribers for Power BI reports. The mention of the subscription is buried at the very bottom of the message, where it’s easy to miss.

“This is a classic case of exploiting a legitimate service for malicious purposes,” Sabotka said. “The scammers are leveraging the trust associated with Microsoft’s brand and the fact that this email address is on many users’ allow lists to bypass spam filters and trick people into calling the fake support number.”

The Broader Implications

This incident raises serious questions about the security of email allow lists and the potential for trusted addresses to be weaponized by scammers. It also highlights the challenges that large tech companies face in securing their platforms against abuse.

For users, the takeaway is clear: even emails from seemingly legitimate sources should be scrutinized carefully. If you receive an unexpected charge notification, don’t call the number provided in the email. Instead, log in to your account directly through the official website or app to verify the charge.

Microsoft’s Response

As of now, Microsoft has not issued a public statement about the scam. However, the company is likely aware of the issue, given the reports on its own website. It remains to be seen whether Microsoft will take steps to secure the Power BI subscription function or issue a warning to users about the scam.

Conclusion

The use of a Microsoft-owned email address to deliver scam spam is a stark reminder of the evolving tactics used by cybercriminals. By exploiting trusted services and bypassing traditional spam filters, scammers are finding new ways to trick users into handing over sensitive information or installing malicious software.

As always, the best defense is vigilance. Be wary of unexpected emails, especially those that create a sense of urgency or fear. And remember: if something seems too good (or too bad) to be true, it probably is.

Tags: Microsoft, Power BI, scam spam, phishing, email security, cybercrime, remote access, tech news, cybersecurity, Microsoft scam, allow list, trusted email, business intelligence, Proofpoint, threat research, tech vulnerability, email fraud, scam alert, Microsoft phishing, Power BI abuse, email allow list, tech security, cybersecurity threat, phishing scam, Microsoft email, scam notification, tech vulnerability, email fraud, scam alert, Microsoft phishing, Power BI abuse, email allow list, tech security, cybersecurity threat, phishing scam.

Viral Sentences:

• “Microsoft’s own email address caught delivering scam spam—and it’s on their allow list!”
• “Scammers exploit trusted Microsoft email to trick users into downloading remote access tools.”
• “Even Microsoft’s allow list can’t stop this sneaky phishing scam.”
• “Beware: The email you trust might be the one that tricks you.”
• “Microsoft’s Power BI turned into a phishing tool—how safe is your inbox?”
• “Scammers are smarter than ever—don’t let your guard down, even with Microsoft emails.”
• “This scam proves that even the most trusted sources can be weaponized.”
• “Your allow list might be your biggest vulnerability—here’s why.”
• “Microsoft’s email address used to deliver scam spam—what you need to know.”
• “The phishing scam that’s bypassing every spam filter—thanks to Microsoft’s own advice.”

,