Blog

Scams - How spammers are using the Power Platform to send mass email messages!

Unfortunately, there appear to be rare cases where users take advantage of the Power Platform for dishonest purposes. Read this post to find out more, including how to report malicious activity.

The Power Platform makes it so quick and easy to build apps, I guess it should come as no surprise that some choose to use it for malicious purposes.

I noticed an interesting post today from a user who reported receiving spam email messages, purporting to come from "microsoft@powerapps.com".

I've posted the contents from the post below to illustrate the nature of the content. It's the typical ransom type message that usually ends up in our spam folders.

Many Power Platform builders can see how simple it is to carry out this type of malicious mass mailing. An attacker can easily import a list of email addresses (or use formula to generate random addresses), and then send the messages using one of the many email connectors. Specifically, the Mail connector sends messages from "microsoft@powerapps.com" (as mentioned in my post below), so this appears to be the connector that was used in this case.

http://powerappsguide.com/blog/post/when-and-how-to-use-mail-connector



How to report abusive use of Power Apps and the Power Platform

With this particular case, I reported the incident to Heather, our Power Apps community manager, who was very helpful and quick to relay this to the Power Platform team.

However, if anyone else receives malicious messages that originate from Power Platform, or happens to be the victim of some other malicious activity that originates from a Microsoft Online Service, the best thing to do is to report the activity to Microsoft through the link beneath.

https://msrc.microsoft.com/report/abuse

Following a report, Microsoft will investigate and hopefully suspend the accounts in question. Reporting such incidents is the best thing to do, in order to help protect those who are more susceptible to falling for these types of internet scams.



Previous
Next