Fake OneDrive Emails Steal Logins

OneDrive Users Remain At Risk

Attackers are sending fraudulent Microsoft OneDrive emails with links to an authentic-looking (but fake) OneDrive login page designed to steal your credentials. Once attackers have your OneDrive username and password, they can do real harm to you or your organization.

They might try to:

Reuse your password to access other accounts. Collect sensitive data about you or your company. Use your account to trick others into giving up sensitive information.

What do I look for?

There are multiple variations of this phish. Here is one example.
  1. Examine the Sender- The sender’s address includes the word ‘OneDrive’ to fool you. But look closer. The email is
    really from onlinedocshare.com, not OneDrive. Don’t be fooled by domains that include brand names.
  2. Content in Context- Is this expected? Be careful with unexpected invitations to view or download documents, even when they look legitimate. Scammers often research to find businesses and people familiar to you.
  3. Examine the link- Examine the link. While the URL uses a secure connection (https://), this doesn’t mean the site is legitimate. Examine the URL in the hover text. This link sends you to onlinedocshare.com, not OneDrive.

How do I protect myself?

If you receive an invitation to open or download a OneDrive file:
  1. Looks legitimate: Call or send an instant message to your IT team, security team, or even your boss to verify the email. 
  2. Looks Suspicious: Report it to the appropriate people in your company.

Leave a Reply

Your email address will not be published. Required fields are marked *