Microsoft OneDrive Scam Email: July 2019 Update!

Microsoft OneDrive is a great way to share files across your network. However, it is constantly being targeted for phishing email scams.


Recently our engineers have spotted a recent phishing scam which has affected some business accounts. Worryingly, the scam seems to send from actual email addresses of users, rather than a fake email hiding behind a pseudonym.


We are always on alert to help protect our customers, but we feel this information could be extremely valuable to other Office 365 users. As we’ve done previously with fake email tips and Outlook signature issues.


What can you do? Follow our steps and see what things you need to look out for!


What is this OneDrive phishing scam?


The scam is disguised as a simple PDF attached to an email. Yet instead of opening the PDF, you are taken to a site outside of OneDrive and asked to enter your Microsoft credentials (login information)


The email could have a normal subject line such as ‘Payment’ or ‘Invoice’ but will probably contain no information in the body of the email. This is because it is replaced with the OneDrive shared file design, like this:


Microsoft OneDrive Phishing Email Scam
First, the OneDrive sharing email appears


When the user clicks open, they are taken to the actual Microsoft OneDrive storage account of that user where an image file has been uploaded.


Microsoft OneDrive Phishing Email Scam
Opening the link takes you to a live file in a personal OneDrive location


If you look at the top of the page, OneDrive gives you the option to ‘download’ the file. If this was a genuine email or a page with an attachment. These options wouldn’t be available.


Microsoft OneDrive Phishing Email Scam
This is actually uploaded as an image, hence why you are given the option to download


What is worrying, is that the link and placement of this file are genuine. Our engineer checked the certificate and can see that the site issues to


Microsoft OneDrive Phishing Email Scam
Our Engineer checked the certificate to check the OneDrive site was legitimate


If the user, then clicks on the attachment (which isn’t a clickable button as the whole page is an image) the user is taken to a site outside of OneDrive. However, the design is very convincing…


Microsoft OneDrive Phishing Email Scam
Clicking the attachment (image) takes you to a Microsoft credential login page


The user is then displayed with a login screen, requesting the user’s credentials. If you look at the top of the page, the URL has now changed. And again, our engineer has reviewed the certificate of this webpage and can see that this is not a genuine OneDrive link.

Microsoft OneDrive Phishing Email Scam
Identifying the URL shows that this is now outside the OneDrive link location
Microsoft OneDrive Phishing Email Scam
Our engineer spotted that this site is outside of OneDrive, but has recently been registered

Next steps?


If you do find yourself in a situation where you aren’t sure if a link is genuine or not. Do not hesitate to get in contact. You can reach us by logging a ticket with our support team, refer to our guides if you need assistance.


Alternatively please get in contact with us on 02920 887 362 or send us an email at

← Back to the blog

One thought on “Microsoft OneDrive Scam Email: July 2019 Update!”

Leave a Reply

Your email address will not be published. Required fields are marked *

20 − 9 =

Let’s stay in touch! We send out a weekly email
full of free IT tips, Cyber Security help and much more.

Email address:

Sign up for the latest IT news and Cyber Security tips!

Email address: