The Power Platform makes it so quick and easy to build apps, I guess it should come as no surprise that some choose to use it for malicious purposes.
I noticed an interesting post today from a user who reported receiving spam email messages, purporting to come from "email@example.com".
I've posted the contents from the post below to illustrate the nature of the content. It's the typical ransom type message that usually ends up in our spam folders.
Many Power Platform builders can see how simple it is to carry out this type of malicious mass mailing. An attacker can easily import a list of email addresses (or use formula to generate random addresses), and then send the messages using one of the many email connectors. Specifically, the Mail connector sends messages from "firstname.lastname@example.org" (as mentioned in my post below), so this appears to be the connector that was used in this case.
How to report abusive use of Power Apps and the Power Platform
With this particular case, I reported the incident to Heather, our Power Apps community manager, who was very helpful and quick to relay this to the Power Platform team.
However, if anyone else receives malicious messages that originate from Power Platform, or happens to be the victim of some other malicious activity that originates from a Microsoft Online Service, the best thing to do is to report the activity to Microsoft through the link beneath.
Following a report, Microsoft will investigate and hopefully suspend the accounts in question. Reporting such incidents is the best thing to do, in order to help protect those who are more susceptible to falling for these types of internet scams.