← Back to Explore
sublimemediumRule
Service abuse: Microsoft Power BI callback scam
Detects callback scam content sent from the legitimate Microsoft Power BI service email address, indicating potential service abuse to distribute fraudulent callback solicitations.
Detection Query
type.inbound
and sender.email.email == 'no-reply-powerbi@microsoft.com'
and any(ml.nlu_classifier(body.current_thread.text).intents,
.name == "callback_scam"
)
Data Sources
Email MessagesEmail HeadersEmail Attachments
Platforms
email
Raw Content
name: "Service abuse: Microsoft Power BI callback scam"
description: "Detects callback scam content sent from the legitimate Microsoft Power BI service email address, indicating potential service abuse to distribute fraudulent callback solicitations."
type: "rule"
severity: "medium"
source: |
type.inbound
and sender.email.email == 'no-reply-powerbi@microsoft.com'
and any(ml.nlu_classifier(body.current_thread.text).intents,
.name == "callback_scam"
)
attack_types:
- "Callback Phishing"
tactics_and_techniques:
- "Out of band pivot"
- "Social engineering"
detection_methods:
- "Content analysis"
- "Natural Language Understanding"
- "Sender analysis"
id: "7a55388e-5480-5916-ac4f-b9db5e7ac28d"