Power BI Notifications as a Phishing Tool: Risks, Signs, and Awareness

February 13, 2026

By: Debojyoti Goswami

Security Analyst II, Security and Compliance, Delivery

Observation

ProArch manages multiple Microsoft services for our clients, giving us day‑to‑day exposure to routine Microsoft notifications, including those from Power BI. We observed a phishing campaign leveraging legitimate Microsoft Power BI notification emails sent from “no-reply-powerbi@microsoft.com”.

These emails deliver fraudulent payment and order-related messages to users globally, abusing trusted Microsoft infrastructure. This activity is a known phishing technique and has been reported publicly by Microsoft community members.

What’s Happening

Attackers are exploiting Power BI’s legitimate “scorecard subscription” feature to send phishing content that appears to originate from Microsoft.

Key Characteristics Observed

  • Sender address: no-reply-powerbi@microsoft.com (legitimate Microsoft sender).
  • Common subject lines:
    • “Order fulfilled! Delivery is in progress”
    • “Subscription for Payment added to your PayPal Balance”
    • “Thank you for your order”
  • Email body often includes a toll-free phone number encouraging users to call for support.
  • Text such as “name@unknownemail subscribed you to the following scorecard in Power BI: Thanks for complete Order.”
  • Poor grammar and spelling errors, which are inconsistent with genuine Microsoft communications.
  • No consistent malicious URLs, domains, or file-based IOCs were identified, limiting the effectiveness of traditional blocking controls.

Why This Matters

Because these emails originate from a legitimate Microsoft sender, they are more likely to bypass email security controls and gain user trust. Users may be socially engineered into calling attacker-controlled phone numbers, potentially leading to financial fraud or further compromise. Blocking the sender outright is not feasible due to its legitimate business use, increasing detection complexity.

Reference Email Screenshot

[Screenshot: Power BI notification used as a phishing email]

Recommendations

  • Be vigilant about emails that combine payment or order-related language with Power BI subscription text.
  • Watch for toll-free phone numbers in Power BI notification emails.
  • Educate users that:
    • Microsoft and Power BI do not send payment confirmations via scorecard subscriptions.
    • Unexpected payment or order emails should be reported to SOC immediately.
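
The content checks recommended above can be applied to reported or quarantined messages with a small triage script. This is an added example, not ProArch's or Microsoft's tooling; the keyword list, the North American toll-free prefixes, and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

POWERBI_SENDER = "no-reply-powerbi@microsoft.com"
# Terms taken from the subject lines quoted in the post (assumed list; tune locally).
PAYMENT_TERMS = re.compile(r"\b(order|payment|paypal|delivery)\b", re.I)
SCORECARD_TEXT = re.compile(r"subscribed you to the following scorecard", re.I)
# Assumption: North American toll-free prefixes (800/833/844/855/866/877/888).
TOLL_FREE = re.compile(
    r"(?<!\d)(?:\+?1[\s.-]?)?\(?8(?:00|33|44|55|66|77|88)\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)"
)

def triage(raw_email: str) -> dict:
    """Return the individual signals and an overall verdict for one message."""
    msg = message_from_string(raw_email, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    subject = str(msg.get("Subject", ""))
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part is not None else ""
    text = subject + "\n" + body
    signals = {
        "from_powerbi": sender == POWERBI_SENDER,
        "scorecard_text": bool(SCORECARD_TEXT.search(body)),
        "payment_language": bool(PAYMENT_TERMS.search(text)),
        "toll_free_number": bool(TOLL_FREE.search(text)),
    }
    # Flag only genuine Power BI notifications whose content matches the lure:
    # payment/order wording on a scorecard subscription, or any toll-free number.
    signals["suspicious"] = signals["from_powerbi"] and (
        (signals["scorecard_text"] and signals["payment_language"])
        or signals["toll_free_number"]
    )
    return signals

# Constructed samples (not real messages); the phone number is fictional.
HDR = "From: Microsoft Power BI <no-reply-powerbi@microsoft.com>\nTo: user@example.com\n"
LURE = (HDR + "Subject: Thank you for your order\n\n"
        "name@unknownemail subscribed you to the following scorecard in Power BI: "
        "Thanks for complete Order.\nFor support call +1 (888) 555-0100\n")
BENIGN = (HDR + "Subject: Weekly scorecard update\n\n"
          "alice@example.com subscribed you to the following scorecard in Power BI: "
          "Q3 Sales KPIs.\n")

if __name__ == "__main__":
    for name, raw in (("lure", LURE), ("benign", BENIGN)):
        print(name, triage(raw))
```

Because the sender is legitimate, the verdict rests on content signals only; a routine scorecard subscription without payment wording or a phone number is left alone.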
