Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Join us for an expert-led overview of the tools and concepts you'll need to become a Certified Power BI Data Analyst and pass exam PL-300. Register now.

Reply
adm_dwier
New Member

Anonymous, public BI Dashboards are being used to circumvent phishing protections in email

Hello,

 

Scammers are getting people's credentials, and:

  1. Creating a new Dashboard with a link to a fake Microsoft logon page.
  2. Setting permissions on this dashboard to be public.
  3. Sending this link to 365 customers, which gets through 365 malware filters, since it's a link to a PowerBI dashboard

Needed:

  • Items created on platforms like PowerBI (or Word Online, etc) need to be scanned for links out to malicious sites
  • PowerBI dashboards need to have a way to identify the owner of the dashboard
  • All sharing platforms need a way to report malicious content. Currently, PowerBI has a 'report' button you can (eventually) find in the sharing menu, but it links to a technote that recommends using this community forum for support.

Example is below.

 

CAUTION, this is a live scam link (as of 11 June 2025) that lands on a PowerBI "dashboard" that holds one link to a fake Microsoft logon page:

 

https://app.powerbi.com/view?r=eyJrIjoiNDIzNTQ4MmYtYmJkMC00NjBhLTgzZDYtZmNkODAwZWRkMGNmIiwidCI6ImQ5Y...

 

This is a link that was sent to several of our employees by a third party, showing how PowerBI is being used as an intermediary to get around 365 mail protections and compromise Microsoft accounts - and we have no recourse, or way to report this to Microsoft.

1 ACCEPTED SOLUTION
v-venuppu
Community Support
Community Support

Hi @adm_dwier   ,

Thank you for reaching out to Microsoft Fabric Community.

Thank you @GilbertQ for the prompt response.

Report the dashboard as malicious to Microsoft via:
https://www.microsoft.com/en-us/wdsi/support/report-unsafe-site

 

Submit a detailed abuse case through:
https://msrc.microsoft.com/

 

I also recommend submitting your detailed feedback and ideas through Microsoft's official feedback channels, such as the Fabric Ideas - Microsoft Fabric Community

 

If this post helps, then please consider Accepting as solution to help the other members find it more quickly, don't forget to give a "Kudos" – I’d truly appreciate it! 

Thank you.

 

 

 

View solution in original post

5 REPLIES 5
v-venuppu
Community Support
Community Support

Hi @adm_dwier ,

We are following up once again regarding your query. Could you please confirm whether the issue has been resolved through your support ticket with Microsoft?

If so, we would appreciate it if you could share the resolution or any key insights here to benefit others in the community. If we don’t receive a response, we will proceed with closing this thread.

If you need further assistance in the future, feel free to start a new thread in the Microsoft Fabric Community Forum. We will be happy to support you there.

Thank you

v-venuppu
Community Support
Community Support

Hi @adm_dwier ,

Have you had a chance to raise a  ticket and resolve this issue? If so, please consider sharing the solution in the forum and marking it as accepted, this will help other members find the answer more easily.

Thank you.

v-venuppu
Community Support
Community Support

Hi @adm_dwier   ,

Thank you for reaching out to Microsoft Fabric Community.

Thank you @GilbertQ for the prompt response.

Report the dashboard as malicious to Microsoft via:
https://www.microsoft.com/en-us/wdsi/support/report-unsafe-site

 

Submit a detailed abuse case through:
https://msrc.microsoft.com/

 

I also recommend submitting your detailed feedback and ideas through Microsoft's official feedback channels, such as the Fabric Ideas - Microsoft Fabric Community

 

If this post helps, then please consider Accepting as solution to help the other members find it more quickly, don't forget to give a "Kudos" – I’d truly appreciate it! 

Thank you.

 

 

 

GilbertQ
Super User
Super User

Hi @adm_dwier 

 

What would highly recommend if you're using this or business users, is to not use the publish to a feature which can allow such instances to occur, but rather to pay for the licensing so the users have to be authenticated before they can access the reports. This will ensure that there are only accessing reports in a secure manner.





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!







Power BI Blog

adm_dwier
New Member

I'll note that I've seen scammers using other services as web hosting for scam landing pages, this isn't just PowerBI. Adobe, DocuSign, Canva, etc. Since the links go to the real app, they're not flagged. It's the link that's hosted there that bounces the user out to a fake 365 logon page.

Helpful resources

Announcements
Join our Fabric User Panel

Join our Fabric User Panel

This is your chance to engage directly with the engineering team behind Fabric and Power BI. Share your experiences and shape the future.

June 2025 Power BI Update Carousel

Power BI Monthly Update - June 2025

Check out the June 2025 Power BI update to learn about new features.

June 2025 community update carousel

Fabric Community Update - June 2025

Find out what's new and trending in the Fabric community.