Microsoft OneDrive is a convenient way to share files with colleagues and customers. Precisely because it is so familiar, it is constantly used as a lure in phishing emails.
Our engineers have recently spotted a phishing campaign that has affected some business accounts. Worryingly, the emails are sent from the genuine mailboxes of real users, not from a spoofed address hiding behind a display name, so the sender looks legitimate to both the recipient and the mail filters.
We are always on alert to help protect our customers, but we feel this information could be extremely valuable to other Office 365 users. The campaign is a credential-phishing attack that hides behind a genuine OneDrive link: the first page the victim sees really is hosted on OneDrive, and only the final login page is on an attacker-controlled domain.
What can you do? Follow our steps and see what things you need to look out for!
What is this OneDrive phishing scam?
The scam is disguised as a simple PDF shared via OneDrive. Instead of opening a PDF, the victim is eventually taken to a site outside OneDrive and asked to enter their Microsoft credentials (username and password).
The email usually has a mundane subject line such as ‘Payment’ or ‘Invoice’ and little or no text in the body, because the body has been replaced with the familiar OneDrive shared-file design, like this:
When the user clicks ‘Open’, they are taken to the genuine OneDrive storage of the sending account, where the attacker has uploaded an image file that mimics a document preview.
Look at the top of the page: OneDrive offers the option to ‘Download’ the file. A real email attachment would open in your mail client, not inside somebody else’s OneDrive with a download toolbar, so that toolbar is the first warning sign.
What is worrying is that the link and the page it lands on are genuine. Our engineer checked the certificate and confirmed that it was issued to onedrive.com; at this stage a URL or certificate check tells you nothing is wrong.
When the user clicks on the ‘attachment’ (there is no real button: the whole page is a single image with a hyperlink behind it), they are taken to a site outside OneDrive. The design of that site is very convincing…
The user is then presented with a login screen requesting their credentials. Look at the top of the page again: the URL has now changed. Our engineer reviewed the certificate of this page as well and confirmed that it is not a genuine Microsoft or OneDrive address. Any page that asks for Microsoft credentials on a host that is not Microsoft’s is the attack, however good the copy of the login form looks.
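The check that catches this scam is the one the engineer did by hand: before typing a password, look at the host in the address bar and ask whether it is really Microsoft’s. The script below is an added example written for this post, not code from the campaign or from any Microsoft tool. It classifies a URL by the host a browser would actually connect to, flags the tricks this kind of lure relies on (a Microsoft name buried in a longer attacker domain, a fake host before an ‘@’, a plain-http login page), and applies the same logic to a whole message. The allowlist of Microsoft hosts and all sample URLs and messages are constructed assumptions for the example; extend the list for your own tenant.

```python
from urllib.parse import urlsplit, unquote

# Hosts that legitimately serve a Microsoft / OneDrive sign-in or share page.
# Assumption: this is an illustrative allowlist, not an official Microsoft list;
# maintain it for your own environment.
MICROSOFT_HOSTS = {
    "login.microsoftonline.com",
    "login.live.com",
    "onedrive.live.com",
    "1drv.ms",
}
# OneDrive for Business lives at <tenant>-my.sharepoint.com.
MICROSOFT_SUFFIXES = (".sharepoint.com",)

# Brand words a phishing host typically borrows to look legitimate.
BRAND_WORDS = ("onedrive", "microsoft", "office365", "sharepoint", "live.com")


def is_microsoft_host(host):
    """True only for an exact allowlisted host or a sub-domain of an allowlisted suffix."""
    return host in MICROSOFT_HOSTS or any(host.endswith(s) for s in MICROSOFT_SUFFIXES)


def classify_login_url(url):
    """
    Classify the page a link really leads to:
      'microsoft' - https to a genuine Microsoft host: safe to sign in
      'insecure'  - Microsoft host but plain http: never enter credentials here
      'lookalike' - Microsoft branding in the URL, but the real host is not Microsoft's
      'external'  - an unrelated site
      'invalid'   - not an http(s) URL at all
    """
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        return "invalid"
    # .hostname is the part the browser connects to: anything before '@'
    # (userinfo) and any :port are discarded, and it is lower-cased.
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "invalid"
    if is_microsoft_host(host):
        return "microsoft" if scheme == "https" else "insecure"
    # Not Microsoft's host: decide whether it is merely another site or a
    # deliberate impersonation. Decode %xx first so encoding cannot hide a brand word.
    if any(word in unquote(url).lower() for word in BRAND_WORDS):
        return "lookalike"
    return "external"


def triage_message(subject, body_text, links):
    """
    Apply the indicators from this post to one email: a bare 'Payment'/'Invoice'
    subject with an empty body, plus any link that is not a safe Microsoft page.
    Returns a list of findings; an empty list means nothing was flagged.
    """
    findings = []
    if subject.strip().lower() in {"payment", "invoice"} and not body_text.strip():
        findings.append("bare '%s' subject with empty body" % subject.strip())
    for link in links:
        verdict = classify_login_url(link)
        if verdict in ("lookalike", "insecure", "invalid"):
            findings.append("%s link: %s" % (verdict, link))
    return findings


if __name__ == "__main__":
    # Constructed sample URLs, modelled on the two hops described above.
    samples = [
        "https://onedrive.live.com/?id=abc123",                         # hop 1: genuine share
        "https://contoso-my.sharepoint.com/personal/a/Documents/Invoice.pdf",
        "https://onedrive.live.com.login-verify.example/signin",         # hop 2: attacker host
        "https://login.microsoftonline.com@203.0.113.5/",                # fake host before '@'
        "http://login.microsoftonline.com/",
        "https://example.org/",
    ]
    for s in samples:
        print("%-10s %s" % (classify_login_url(s), s))

    # Constructed sample message matching the campaign described in this post.
    print(triage_message("Invoice", "   ", [samples[0], samples[2]]))
```

A host check like this is not a substitute for looking at the certificate, but it is the part most people get wrong: the certificate on the attacker’s page may be perfectly valid for the attacker’s domain, so what matters is whether the host itself is one you trust with a Microsoft password.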
Having trouble with email spam and phishing dangers?
We’ve just released our new software ‘SecureIT’ – a platform that actively trains users on how to avoid phishing dangers and spot fake emails before they do damage to your organisation.
Visit our overview page here or watch our quick introductory video:
Next steps
If you find yourself in a situation where you aren’t sure whether a link is genuine, do not hesitate to get in contact.
Contact us on 02920 887 362 or email info@excellence-it.co.uk