This phishing scam originates from a genuine Microsoft email address.

Source: https://lifehacker.com/tech/microsoft-phishing-email-scam?utm_medium=RSS
Summary:
A newly exposed phishing scam abuses the subscription feature of Microsoft's Power BI platform to send fraudulent emails from a genuine official Microsoft mailbox, "[email protected]". Security outlet Ars Technica notes that Microsoft has advised users to add this address to their trusted-sender lists, which makes the scam all the more convincing.
In this scam, users receive emails that appear to come from Microsoft Power BI, containing forged receipts for large charges (for services such as PayPal, Norton LifeLock, and Microsoft 365) together with a so-called "dispute" phone number. Once the victim calls, the scammers coax them into installing remote-control software or directly extract sensitive personal information. Security experts warn that any response to such an email, whether calling the number, replying, or clicking a link, can lead to device takeover or data leakage.
Although these emails are often riddled with spelling mistakes and broken grammar, and their content has little to do with Microsoft's business, scammers exploit users' trust in well-known brands combined with "urgent action" language, so some less vigilant recipients still fall for it. Similar tactics have appeared on other platforms before: scammers have abused PayPal's subscription billing feature to send fake transaction notices from "service[at]paypal[dot]com", and have registered Google subdomains through Google Sites and linked them to Google accounts in order to send malicious emails.
Security advice: users should be wary of any email requesting personal information or urgent action, even when it appears to come from a trusted sender address. When faced with a suspicious bill or notice, verify it through official, independent channels and never use the contact details provided in the email itself.
Translation:
As scammers keep finding new ways to impersonate well-known brands, users should stay alert to suspicious emails, even ones that seem to come from legitimate corporate mailboxes. Tech outlet Ars Technica recently exposed a phishing scam that abuses a Microsoft subscription feature: the scammers send fraudulent emails through [email protected], a genuine address that Microsoft officially advises users to add to their allow lists.
How the Microsoft Power BI phishing scam works
In this scam, targeted users receive emails from an address associated with Power BI, Microsoft's business analytics platform. The emails contain forged receipts for large charges (for services such as PayPal, Norton LifeLock, and Microsoft 365) along with a so-called "dispute hotline". Once the call is placed, the scammers coax the victim into installing remote-control software to hijack the device, or directly extract personal information. As with other phishing scams, any interaction (calling the number, replying to the email, or clicking links) puts personal data and device security at risk.
These emails are typically full of spelling mistakes, grammatical problems and urgent calls to action, and their content usually has nothing to do with Microsoft's business. Most users can recognize these red flags and simply delete the message. But scammers exploit users' trust in well-known brands, combined with intimidation tactics, to trap some people.
Phishing scams of this kind are nothing new: attackers have previously exploited similar loopholes to send malicious emails from genuine PayPal and Google addresses. In the PayPal case, scammers abused the platform's subscription billing feature to send fake transaction notices from service[at]paypal[dot]com; in the Google case, scammers registered Google subdomains through Google Sites and linked them to Google accounts to carry out the fraud.
English source:
As scammers continue to find ways to impersonate known brands, users should remain wary of spam-like emails—even if they appear to come from a legitimate company address.
Ars Technica has identified a scheme that abuses a Microsoft subscription feature to send phishing emails from [email protected], a real address that the company advises users to add to their allow lists.
How the Microsoft Power BI scam works
Users targeted with this scam have received emails from an address connected to Microsoft Power BI, a business analytics platform. The messages include (fake) billing receipts with large purchase amounts from services like PayPal, Norton LifeLock, and Microsoft 365 and a phone number to call to dispute the transaction.
Scammers on the other end of the line may try to convince you to install a remote access application that allows device takeover or will otherwise extract personal information. As with any phishing scam, engaging in any way—calling the number, responding to the email, or clicking links—could put your data and your device at risk.
The emails themselves are full of typos and grammar errors and urgent calls to action that are, in most cases, completely unrelated to Microsoft itself. Many users would spot these red flags and know to simply delete the message. However, threat actors capitalize on the trust users have in the brands they're exploiting along with scare tactics to trap some people in the scheme.
This is also far from the first phishing scheme of its kind: Threat actors have sent malicious emails from legitimate PayPal and Google addresses (to name just two) by exploiting similar loopholes. In the case of PayPal, fraudulent purchase notifications sent from service[at]paypal[dot]com abused the platform's subscription billing feature. With Google, scammers registered google.com subdomains via Google Sites and linked them with Google Accounts.