Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Power BI is turning 10! Let’s celebrate together with dataviz contests, interactive sessions, and giveaways. Register now.

Reply
adm_dwier
New Member

Anonymous, public BI Dashboards are being used to circumvent phishing protections in email

Wednesday

Hello,

 

Scammers are getting people's credentials, and:

  1. Creating a new Dashboard with a link to a fake Microsoft logon page.
  2. Setting permissions on this dashboard to be public.
  3. Sending this link to 365 customers, which gets through 365 malware filters, since it's a link to a PowerBI dashboard

Needed:

  • Items created on platforms like PowerBI (or Word Online, etc) need to be scanned for links out to malicious sites
  • PowerBI dashboards need to have a way to identify the owner of the dashboard
  • All sharing platforms need a way to report malicious content. Currently, PowerBI has a 'report' button you can (eventually) find in the sharing menu, but it links to a technote that recommends using this community forum for support.

Example is below.

 

CAUTION, this is a live scam link (as of 11 June 2025) that lands on a PowerBI "dashboard" that holds one link to a fake Microsoft logon page:

 

https://app.powerbi.com/view?r=eyJrIjoiNDIzNTQ4MmYtYmJkMC00NjBhLTgzZDYtZmNkODAwZWRkMGNmIiwidCI6ImQ5Y...

 

This is a link that was sent to several of our employees by a third party, showing how PowerBI is being used as an intermediary to get around 365 mail protections and compromise Microsoft accounts - and we have no recourse, or way to report this to Microsoft.

Labels:
Message 1 of 5
227 Views
0
4 REPLIES 4
v-venuppu
Community Support
Community Support

Monday

Hi @adm_dwier ,

Have you had a chance to raise a  ticket and resolve this issue? If so, please consider sharing the solution in the forum and marking it as accepted, this will help other members find the answer more easily.

Thank you.

Message 5 of 5
36 Views
0
v-venuppu
Community Support
Community Support

Thursday

Hi @adm_dwier   ,

Thank you for reaching out to Microsoft Fabric Community.

Thank you @GilbertQ for the prompt response.

Report the dashboard as malicious to Microsoft via:
https://www.microsoft.com/en-us/wdsi/support/report-unsafe-site

 

Submit a detailed abuse case through:
https://msrc.microsoft.com/

 

I also recommend submitting your detailed feedback and ideas through Microsoft's official feedback channels, such as the Fabric Ideas - Microsoft Fabric Community

 

If this post helps, then please consider Accepting as solution to help the other members find it more quickly, don't forget to give a "Kudos" – I’d truly appreciate it! 

Thank you.

 

 

 

Message 4 of 5
105 Views
0
GilbertQ
Super User
Super User

Wednesday

Hi @adm_dwier 

 

What would highly recommend if you're using this or business users, is to not use the publish to a feature which can allow such instances to occur, but rather to pay for the licensing so the users have to be authenticated before they can access the reports. This will ensure that there are only accessing reports in a secure manner.





Did I answer your question? Mark my post as a solution!

Proud to be a Super User!







Power BI Blog

Message 3 of 5
159 Views
0
adm_dwier
New Member

Wednesday

I'll note that I've seen scammers using other services as web hosting for scam landing pages, this isn't just PowerBI. Adobe, DocuSign, Canva, etc. Since the links go to the real app, they're not flagged. It's the link that's hosted there that bounces the user out to a fake 365 logon page.

Message 2 of 5
221 Views
0

Helpful resources

Announcements
June 2025 Power BI Update Carousel

Power BI Monthly Update - June 2025

Check out the June 2025 Power BI update to learn about new features.

June 2025 community update carousel

Fabric Community Update - June 2025

Find out what's new and trending in the Fabric community.

View All