Surge of Scam Spam Originating from an Authentic Microsoft Address

Recent reports indicate that emails from a legitimate Microsoft address, one the company recommends customers add to their allow lists, are being used to distribute scam content. The emails are sent from [email protected], an address associated with Power BI, an analytics and business intelligence platform that integrates insights from various sources into a unified dashboard. Microsoft advises users to whitelist this address to prevent spam filters from blocking genuine subscription emails aimed at mail-enabled security groups.

Malicious Impersonation

On Tuesday, an Ars Technica reader reported receiving a fraudulent email claiming a charge of $399 had been processed against her account. The email included a phone number to dispute the charge. Upon contacting the number, the individual on the line prompted her to download a remote access application, likely intending to seize control of her computer. This tactic, reminiscent of various social engineering scams, poses significant risks to personal and organizational cybersecurity.

Instances of this specific scam have been corroborated through multiple online forums, where various individuals reported receiving similar deceptive communications. Some occurrences have also been documented on Microsoft’s official channels, indicating a broader issue of exploitation targeting users of the service.

Sarah Sabotka, a threat researcher at Proofpoint, highlighted that attackers are taking advantage of a feature within Power BI that allows external email addresses to subscribe to report notifications. The scam’s reference to subscriptions is strategically placed at the bottom of the email, which could easily mislead recipients. This underscores the need for increased vigilance when engaging with unexpected communications, especially those that leverage legitimate company branding.

This incident exemplifies a current trend in cyber threats, where actors use established platforms to launch phishing attempts and social engineering schemes. The MITRE ATT&CK framework can help contextualize the techniques employed in such attacks: initial access, here using emails to gain entry, and social engineering to manipulate users are both observed in this scam. The perceived legitimacy of the email address lends credibility, making it harder for the recipient to judge the authenticity of the communication.

As cyber threats evolve, maintaining robust security measures and educating employees about potential risks become paramount for organizations. Business owners should consider reinforcing their email filter solutions, implementing multi-factor authentication, and regularly training staff on identifying phishing attempts. In an era where sophisticated scams intertwine with established business protocols, awareness and preventive practices are essential to safeguarding sensitive information.
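
One way to reinforce a mail filter against the pattern described above, as an added example that is not from the article or from Microsoft: checks for a callback lure (charge amount, phone number, call-to-dispute wording) still run on mail from an allow-listed sender. The sender address, regexes, routing labels and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Placeholder: stands in for the allow-listed notification address (redacted on the page).
ALLOWLISTED_SENDERS = {"notifications@allowlisted.example"}

MONEY = re.compile(r"[$€£]\s?\d{2,5}(?:[.,]\d{2})?")
PHONE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]\d{3}[\s.-]\d{4}")
ACTION, BILLING = r"\b(?:call|dial|contact|phone)\b", r"\b(?:dispute|cancel|refund|charge)\b"
CALLBACK = re.compile(f"{ACTION}.{{0,80}}{BILLING}|{BILLING}.{{0,80}}{ACTION}", re.I | re.S)

def callback_lure_indicators(body: str) -> list[str]:
    """Name the callback-scam indicators present in the body text."""
    checks = (("charge_amount", MONEY), ("phone_number", PHONE), ("call_to_dispute", CALLBACK))
    return [name for name, rx in checks if rx.search(body)]

def triage(raw_message: str) -> tuple[str, list[str]]:
    """Route one RFC 5322 message; an allow-list hit never skips the content check."""
    msg = message_from_string(raw_message, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    part = msg.get_body(preferencelist=("plain", "html"))
    hits = callback_lure_indicators(part.get_content() if part else "")
    if "phone_number" in hits and len(hits) >= 2:
        return "quarantine", hits    # held for review even if the sender is allow-listed
    if sender in ALLOWLISTED_SENDERS:
        return "deliver", hits       # allow-list only bypasses generic spam scoring
    return "spam_filter", hits       # unknown senders take the normal filtering path

# Constructed sample messages (not real mail); the phone number is fictional.
HEADERS = "From: Reports <notifications@allowlisted.example>\nSubject: Subscription\n\n"
SCAM = HEADERS + (
    "A charge of $399 has been processed on your account.\n"
    "To dispute this charge, call +1 (555) 010-0199.\n"
    "You are receiving this email because you are subscribed to a report.\n"
)
BENIGN = HEADERS + "Your weekly sales report is ready. Open the dashboard to view it.\n"

if __name__ == "__main__":
    for label, raw in (("scam", SCAM), ("benign", BENIGN)):
        print(label, *triage(raw))
```
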
