Skip to main content

Don’t click download on the OneDrive attachment phishing email

Have you received a phishing email that looks like it has a OneDrive attachment? Yes, it’s a phishing email, complete with logo, convincing looking recipient and all of the other hallmarks of a well composed, malware infesting scam. We’ve taken a closer look at this clever little scam that’s flying under the radar.

What’s a phishing email?

A phishing email is an email sent with the sole intention of getting something out of the recipient. It does this in a myriad of ways; sometimes by asking for your personal information directly, sometimes tricking you into downloading some internet nasties like malware or ransomware, and sometimes by getting you to type in a password on a convincing looking copy of a website you trust. 

Once they’ve got some information, or access to your machine, you could be looking at your accounts being hacked, your bank account being debited, or your documents being encrypted (with the provision that you can get them back in exchange for BitCoin). The effects can be pretty devastating for SMEs, who may not have the time or financial resources to recover. 

Learning to recognise phishing emails is incredibly important, as all of these mildly annoying to completely disastrous consequences can often only occur if you’ve fallen for the email in the first place.

What is the OneDrive attachment phishing scam?

This email appeared in the inbox of one of our customers, who forwarded it onto Transcendit. As you can see, at a quick glance it passes the test; in front and centre is the OneDrive logo. This is a common phishing tactic, where the phishers use a brand or logo that the recipient is likely to recognise, and by extension, trust. The words, ‘secure drive’ are also intended to reassure the recipient that this a legitimate email.

The sender also looks fairly trustworthy; rather than a huge amount of grammatical mistakes, or a string of nonsensical letters and numbers, the sender looks to be a real person sending an attachment. A quick internet search also confirms that the business is real and the sender is real. It’s also a business based in the North East, which suggests that this is a targeted attack. 

Whilst on the surface, everything looks legitimate, when we hover over the link that’s provided the URL that appears isn’t for OneDrive at all. It’s actual sending us somewhere on the website ‘webinextechnoweb’, which almost sounds IT related unless you read it twice. We suspect that on clicking this link, a website that looks a little like OneDrive, Microsoft or Outlook may prompt you to put in your password. 

Why does it matter if phishers have my password for OneDrive?

Although your login details for OneDrive may seem a little innocuous, this information can be hugely valuable. If you don’t have a unique password for each of your online accounts, the phishers now have access to every account that you’ve made with the same login details. Some of those may also have your banking information stored. If phishers gain access to your email account, they can scan your inbox and potentially reset the login details to every other online account you have. Any documents sent or received can also now be accessed.

How should I protect myself against phishing?

Read emails carefully, and take your time. Hover over links to see where they are taking you before you click. Look out for misspellings, grammar errors and anything that doesn’t look quite right. If in doubt, find the telephone number of the person who has supposedly emailed you and give them a quick call to confirm that the email really is from them. Consider setting up two-factor authentication on your online accounts, so that they can’t be reset using just your email. And anything that you’re still not sure about, forward to your friendly IT support team.

Tweet us @TranscenditUK


The Transcendit Way

Transcendit understand that when you choose to work with us, whether we're taking care of your IT, app or web development, you're trusting us with part of your business. So whether we're looking after your computers, phone systems or servers we always do things 'the Transcendit way'.

The whole of our team adhere to the same values, beliefs and policies - the principles that were written when Transcendit first formed in 2000. Whether you come to us for a refurbished computer, cloud services or recovery backup you can be confident that you'll always receive the same excellent service.

The Transcendit way outlines how we do business; following the same straightforward principles with every client and customer, regardless of how big or small they may be.

That means we get to know you and your business. We offer you a friendly, professional and efficient service, and we'll always be honest with you.
We understand that not everybody speaks fluent IT, so we try to explain things in a way that is simple and clear. We always spend as much time as is necessary explaining things to you.
If you need to talk to us about something, no matter how insignificant, we are only ever a phone call away – and we’re never too busy to make you a cup of tea and have a sit down with you in person.
We understand how frustrating it can be when things are late. When we schedule an appointment with you, we are there when you’re expecting us. If something prevents us from getting there, we always call you in advance to let you know.
Sometimes things can go wrong, but we never lie to you or try to cover something up. If things go askew we tell you what’s happened and how we plan to prevent it affecting your business.
We want you to continuously benefit from working with us. We regularly discuss your business and make suggestions for improving systems and processes wherever we can – but we never try to push you into a purchase.
When we quote a fixed price, that's always the amount we charge – you won’t find any nasty surprises on a bill from us. If you are paying by time and materials, we inform you if our approximations could change.
We understand the importance of privacy for your business and your customers. We respect the confidentiality of your data, and we will never pass on your information to third parties.
We appreciate it when you take the time to give us feedback. A system called CustomerSure records our client's responses, so you can trust that our reviews are from real people.
Find out what they're saying here.
We have taken on some account managers from our local competitors, and by all accounts Paradigm is leagues ahead of anything else out there. The benefit it is giving our business from both an account manager's point of view and the back of house administrative aspect is fantastic. Ross Gill, IU Consult

Based on 8393 reviews our customers rate us 9.8/10. Reviews and ratings by Customersure. 23-December-2019

Transcendit are proud sponsors of CHUF, the Children's Heart Unit Fund.

Transcendit is a Living Wage employer