This Phishing Scam Comes From a Real Microsoft Email Address

As scammers continue to find ways to impersonate well-known brands, users should be wary of spam emails, even if they appear to come from a legitimate business address.

Ars Technica has identified a system that abuses a Microsoft subscription feature to send phishing emails from [email protected]a real address that the company advises users to add to their allow lists.

How the Microsoft Power BI scam works

Users targeted by this scam received emails from an address connected to Microsoft Power BI, a business analytics platform. The messages include (fake) billing receipts with large purchase amounts from services such as PayPal, Norton LifeLock and Microsoft 365 and a phone number to call to dispute the transaction.

Scammers on the other end may try to convince you to install a remote access app that takes control of the device or extracts personal information. As with any phishing scam, intervening in any way (calling the number, replying to the email, or clicking on links) can put your data and device at risk.

The emails themselves are filled with typos and grammatical errors and urgent calls to action that, in most cases, have nothing to do with Microsoft itself. Many users would spot these red flags and simply delete the message. However, the threat actors capitalize on the trust users have in the brands they leverage, as well as scare tactics to trap certain people into their scheme.

This is also far from the first phishing scheme of its kind: bad actors have sent malicious emails from legitimate PayPal and Google addresses (to name two) by exploiting similar flaws. In the case of PayPal, fraudulent purchase notifications sent from the service[at]paypal[dot]com abused the platform’s subscription billing functionality. With Google, fraudsters registered google.com subdomains through Google Sites and associated them with Google accounts.