One Drive.png

Scam of the Week – OneDrive users hit with sneaky phishing scam

Windows 10 users are being warned to avoid a phishing scam that attempts to trick them into handing over their usernames and passwords.

The scam is targeting users of Microsoft’s OneDrive cloud hosting service. OneDrive is integrated into Windows 10 and offers up to 5GB of free storage for documents, photos and other files in the cloud.

As traditional phishing scams become easier to spot, fraudsters are trying out new methods to evade detection and slip under the radar.

In this latest scam, victims have reported receiving an email that claims to be an alert from their email server. It uses the subject line 'Encrypted Message Received' and prompts the user to log in to read the encrypted message.

Image: Phishing message (source: Bleeping Computer)

Phishing message

When the user clicks on the 'View Encrypted Email', they are brought to a fake OneDrive Business page that prompts them to click an ‘Open’ button to view the message. They are then directed to another page that asks them to login with their ‘professional email login’.

As soon as a OneDrive username and password is entered into the fake site, the attackers have all the information they need. They can then access the user's account or attempt to break into other accounts using the same stolen details.

 Image: OneDrive phishing website

Phishing website

To the untrained eye, the page may appear entirely legitimate, however the URL for the alleged OneDrive login page is not an official Microsoft address. At this stage, alarm bells should be ringing and the user should immediately leave the site and avoid entering any further information.

Microsoft have provided advice to users on what steps they should take if they believe they've been scammed online:

  • Uninstall applications that scammers have asked you to install
  • If you have given scammers access, consider resetting your device
  • Run a full scan with Windows Security to remove any malware
  • Apply all security updates as soon as they are available. To see available updates, select the Start button, then select Settings > Update & Security > Windows Update
  • Change your passwords
  • Call your credit card provider to contest the charges if you have already paid
  •  Monitor logon activity. Use Windows Defender Firewall to block traffic to services that you would not normally access

To protect yourself from falling victim to these types of online scams, never click on suspicious links or download attachments from unknown sources. Other signs to look out for include; a generic greeting, poor grammar, a mismatched URL, threatening or urgent language, claims of prizes or a request for personal information.

If you’re looking to start a phishing awareness campaign or would like more information on how to protect yourself online, get in touch to find out how we can help. Our MetaPhish platform has been specifically designed to protect businesses from phishing and ransomware attacks and provides the first line of defence in combatting cyber-crime.