Microsoft email address dik tak, Microsoft-in an customer-te laka an ‘allow list’-a telh tura an tih hial, ‘no-reply-powerbi@microsoft.com’ atanga email dawt (scam spam) thehdarh a tam hle a. He address hi Microsoft hmanraw pakhat, data analytics leh business intelligence hna thawktu Power BI atanga thuchah thawn chhuah nana hman a ni. Microsoft documentation-ah pawh he address hi ‘mail-enabled security groups’ hnenah thil thawn nan hman a ni tih tarlan a ni.
Ars Technica-in a tarlan danin, tun hnai hian he address hi hmangin mi hrang hrang hnenah $399 man thil an lei anga dawt sawina email a thleng nual a. He thil hi tidinsan (cancel) duh chuan phone number tarlanah chuan biak tur a ni a ti a. Mahse, chu number-a an han biak chuan, computer thununna hmun (remote access application) download turin an hrilh nghal a, hei hi computer-a thil pawimawh lak sakna emaw thununna (hack) tura bumtute ruahman a ni.
Security researcher-te sawi danin, bumtute hian Power BI-a ‘subscription’ function an hman sual vang a ni. Mi tuman email an thawn dawnin, he system hmang hian pawn lam email address (external email address) te chu an thil siam (report) subscriber angin an thun thei a. Email chu Microsoft domain atanga a lo chhuah tlat avangin, email security filter tam tak chuan a dang thei lova, mi pangngai tan pawh rinhlelh a harsa hle a ni.
Security firm Proofpoint-a thawk Sarah Sabotka chuan, ‘Service rinawm, Microsoft Power BI ang hman hi bumtute tan social engineering hna thawh nan a tangkai hle a ni,’ a ti. He bumhna hi email-ah chauh a tawp lova, a tak (scam) chu phone-a an inbiak hnuah a thleng chauh a, hei hian automatic email filtering a pumpelh tir a ni. Microsoft chuan he thil hi an enfiah mek thu an sawi a, tunah rih chuan hriat belh tur an la nei lo a ni.