
Microsoft’s Trusted Email Hijacked: Scammers Slip Through the Gates

Published: 28 January 2026 04:09
Category: Security Awareness & Social Engineering
Geo: North America
Author: LOGICFALCON

Subtitle: Criminals are exploiting a real Microsoft address to bypass spam filters and launch convincing scam campaigns.

It’s the kind of message that makes even seasoned security pros do a double-take: an email from Microsoft’s own no-reply-powerbi@microsoft.com, warning of a suspicious $399 charge and urging the recipient to call a phone number. But what’s hiding behind that familiar address isn’t customer support; it’s a scammer, ready to take over your computer.

When a Trusted Sender Becomes a Trojan Horse

For years, Microsoft has told users to trust emails from certain addresses, especially those tied to business services like Power BI, its analytics and reporting platform. The address no-reply-powerbi@microsoft.com is even listed in official documentation as safe, with instructions for IT teams to add it to email allow lists. That trust is now being weaponized.

Reports surfaced this week that scammers have found a loophole: they use Power BI’s legitimate “subscription” feature to send emails directly from Microsoft’s infrastructure. These emails, indistinguishable from real notifications, claim a hefty charge was made to your account. The only way to dispute it, the email says, is to call a provided number.

But the person on the other end isn’t a Microsoft agent. Instead, they walk you through installing remote-access software, giving them full control over your device. Once inside, attackers can steal sensitive files, install malware, or even lock you out entirely.

Security researcher Sarah Sabotka from Proofpoint explains that the scam relies on Power BI’s ability to add any external email as a report subscriber. The legitimate subscription notice, buried at the bottom of the email, is easily overlooked amid the alarming claims at the top. Online forums and even Microsoft’s own support pages have seen a surge of complaints from recipients.

This campaign highlights a dangerous paradox: the more we trust “safe” senders, the more damage criminals can do when they infiltrate those channels. Because the messages originate from Microsoft’s real servers, most spam filters, and even wary users, let them through without question.

Guarding Against Trusted Threats

The Power BI scam is a stark reminder that even legitimate addresses can be abused. Organizations and individuals must stay vigilant, scrutinizing every unexpected message, no matter how authentic it looks. As attackers get more creative, our best defense is a blend of skepticism, technical controls, and swift reporting of suspicious activity. In a world where trust can be hijacked, staying alert is not just smart; it’s essential.
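As one possible technical control, the sketch below keeps inspecting the content of mail from the allow-listed Power BI address and holds messages that combine the lure elements described above (a billing alarm, a dollar amount, a phone number and an instruction to call). It is an added example, not code from Microsoft, Proofpoint or this article; the patterns, the three-signal threshold and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Address the article says IT teams are told to allow-list.
ALLOWLISTED = {"no-reply-powerbi@microsoft.com"}

# Heuristic indicators of a callback lure (assumed patterns; tune before use).
SIGNALS = {
    "phone_number": re.compile(r"\(?\b\d{3}\)?[\s.-]\d{3}[\s.-]\d{4}\b"),
    "dollar_amount": re.compile(r"\$\s?\d{2,5}(?:\.\d{2})?"),
    "call_to_action": re.compile(r"\b(?:call|dial|phone)\b", re.I),
    "billing_alarm": re.compile(
        r"\b(?:charged?|invoice|refund|dispute|transaction)\b", re.I),
}

def assess(raw: str) -> dict:
    """Score one RFC 5322 message. SPF/DKIM are assumed verified upstream;
    in this campaign they pass, because Microsoft really sent the mail."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    hits = sorted(name for name, rx in SIGNALS.items() if rx.search(body))
    allowlisted = sender in ALLOWLISTED
    return {
        "allowlisted_sender": allowlisted,
        "signals": hits,
        # An allow-list entry should skip reputation checks, not content checks.
        "hold_for_review": allowlisted and len(hits) >= 3,
    }

# Constructed sample: alarming text on top, real subscription notice below.
LURE = (
    "From: Microsoft Power BI <no-reply-powerbi@microsoft.com>\n"
    "Subject: Payment confirmation\n\n"
    "A charge of $399 was made to your account. To dispute it, "
    "call (800) 555-0199 now.\n\n"
    "You are receiving this because you are subscribed to a report.\n"
)
# Constructed sample: an ordinary subscription notification.
NOTICE = (
    "From: Microsoft Power BI <no-reply-powerbi@microsoft.com>\n"
    "Subject: Weekly Sales report\n\n"
    "Your subscription to the Weekly Sales report is ready.\n"
)

if __name__ == "__main__":
    for name, raw in (("lure", LURE), ("notice", NOTICE)):
        print(name, assess(raw))
```

Messages from other senders return `hold_for_review` as false here because they are expected to go through the normal spam filter rather than the allow-list path.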

WIKICROOK

  • Allow List: An allow list is a security tool that permits only trusted sources, like specific emails or domains, to access a system, blocking all others.
  • Remote Access Application: A remote access application enables users to control a computer or network from another location, often used for IT support and remote work.
  • Power BI: Power BI is a Microsoft analytics tool that creates interactive dashboards, helping cybersecurity teams visualize, analyze, and report on security data efficiently.
  • Spam Filter: A spam filter is software that detects and blocks unwanted or suspicious emails, helping protect users from scams and reducing inbox clutter.
  • Phishing: Phishing is a cybercrime where attackers send fake messages to trick users into revealing sensitive data or clicking malicious links.