THERE are reports that a legitimate Microsoft email address—which Microsoft explicitly says customers should add to their allow list—is delivering scam spam. The emails originate from no-reply-powerbi@microsoft[.]com, an address tied to Power BI, with Power BI’s own documentation noting it is used to send subscription emails to mail-enabled security groups.
According to an Ars reader, one message claimed a $399 charge had been made to the recipient and directed them to call a number to dispute it, after which a caller prompted the user to download a remote access application to take control of their device. Online discussions have surfaced on Reddit and other platforms about several people receiving the same email, and some reports have been posted on Microsoft’s own site.
A threat researcher at Proofpoint described the scam as abusing a Power BI function to add external addresses as subscribers, noting the attack combines trusted sender credibility with voice social engineering to bypass traditional filters. Dan Goodin wrote the piece for Ars Technica on 27 January 2026.