Service abuse: Microsoft Power BI callback scam

Detects callback scam content sent from the legitimate Microsoft Power BI service email address, indicating potential service abuse to distribute fraudulent callback solicitations.

Sublime rule

name: "Service abuse: Microsoft Power BI callback scam"
description: "Detects callback scam content sent from the legitimate Microsoft Power BI service email address, indicating potential service abuse to distribute fraudulent callback solicitations."
type: "rule"
severity: "medium"
source: |
  type.inbound
  and sender.email.email == 'no-reply-powerbi@microsoft.com'
  and any(ml.nlu_classifier(body.current_thread.text).intents,
          .name == "callback_scam"
  )
attack_types:
  - "Callback Phishing"
tactics_and_techniques:
  - "Out of band pivot"
  - "Social engineering"
detection_methods:
  - "Content analysis"
  - "Natural Language Understanding"
  - "Sender analysis"
id: "7a55388e-5480-5916-ac4f-b9db5e7ac28d"