By Emily Long
Publication Date: 2026-01-29 13:30:00
As scammers continue to find ways to impersonate known brands, users should remain wary of spam-like emails—even if they appear to come from a legitimate company address.
Ars Technica has identified a scheme that abuses a Microsoft subscription feature to send phishing emails from [email protected], a real address that the company advises users to add to their allow lists.
How the Microsoft Power BI scam works
Users targeted with this scam have received emails from an address connected to Microsoft Power BI, a business analytics platform. The messages include (fake) billing receipts with large purchase amounts from services like PayPal, Norton LifeLock, and Microsoft 365 and a phone number to call to dispute the transaction.
Scammers on the other end of the line may try to convince you to install a remote access application that allows device takeover or will otherwise extract personal information. As with any phishing scam, engaging in any way—calling the…
