"According to an Ars reader, the address on Tuesday sent her an email claiming (falsely) that a $399 charge had been made to her. It provided a phone number to call to dispute the transaction. A man who answered a call asking to cancel the sale directed me to download and install a remote access application, presumably so he could then take control of my Mac or Windows machine (Linux wasn't allowed). The email, captured in the two screenshots below, looked like this:"
"The emails originate from no-reply-powerbi@microsoft.com, an address tied to Power BI. The Microsoft platform provides analytics and business intelligence from various sources that can be integrated into a single dashboard. Microsoft documentation says that the address is used to send subscription emails to mail-enabled security groups. To prevent spam filters from blocking the address, the company advises users to add it to allow lists."
The Microsoft Power BI address no-reply-powerbi@microsoft.com, which Microsoft advises customers to allowlist, is being used to deliver scam emails. The messages impersonate billing notifications and claim false charges while providing phone numbers to dispute the transactions. Call recipients report being instructed to install remote-access software, enabling attackers to take control of Mac or Windows machines. Multiple people have reported receiving the same email, and some incidents were reported on Microsoft's website. Security researchers at Proofpoint say scammers are abusing a Power BI feature that lets external email addresses be added as report subscribers, with subscription notices buried at the bottom of messages.
Read at Ars Technica
Unable to calculate read time
Collection
[
|
...
]