Have you received a phishing email that looks like it has a OneDrive attachment? Yes, it’s a phishing email, complete with logo, convincing looking recipient and all of the other hallmarks of a well composed, malware infesting scam. We’ve taken a closer look at this clever little scam that’s flying under the radar.
What’s a phishing email?
A phishing email is an email sent with the sole intention of getting something out of the recipient. It does this in a myriad of ways; sometimes by asking for your personal information directly, sometimes tricking you into downloading some internet nasties like malware or ransomware, and sometimes by getting you to type in a password on a convincing looking copy of a website you trust.
Once they’ve got some information, or access to your machine, you could be looking at your accounts being hacked, your bank account being debited, or your documents being encrypted (with the provision that you can get them back in exchange for BitCoin). The effects can be pretty devastating for SMEs, who may not have the time or financial resources to recover.
Learning to recognise phishing emails is incredibly important, as all of these mildly annoying to completely disastrous consequences can often only occur if you’ve fallen for the email in the first place.
What is the OneDrive attachment phishing scam?
This email appeared in the inbox of one of our customers, who forwarded it onto Transcendit. As you can see, at a quick glance it passes the test; in front and centre is the OneDrive logo. This is a common phishing tactic, where the phishers use a brand or logo that the recipient is likely to recognise, and by extension, trust. The words, ‘secure drive’ are also intended to reassure the recipient that this a legitimate email.
The sender also looks fairly trustworthy; rather than a huge amount of grammatical mistakes, or a string of nonsensical letters and numbers, the sender looks to be a real person sending an attachment. A quick internet search also confirms that the business is real and the sender is real. It’s also a business based in the North East, which suggests that this is a targeted attack.
Whilst on the surface, everything looks legitimate, when we hover over the link that’s provided the URL that appears isn’t for OneDrive at all. It’s actual sending us somewhere on the website ‘webinextechnoweb’, which almost sounds IT related unless you read it twice. We suspect that on clicking this link, a website that looks a little like OneDrive, Microsoft or Outlook may prompt you to put in your password.
Why does it matter if phishers have my password for OneDrive?
Although your login details for OneDrive may seem a little innocuous, this information can be hugely valuable. If you don’t have a unique password for each of your online accounts, the phishers now have access to every account that you’ve made with the same login details. Some of those may also have your banking information stored. If phishers gain access to your email account, they can scan your inbox and potentially reset the login details to every other online account you have. Any documents sent or received can also now be accessed.
How should I protect myself against phishing?
Read emails carefully, and take your time. Hover over links to see where they are taking you before you click. Look out for misspellings, grammar errors and anything that doesn’t look quite right. If in doubt, find the telephone number of the person who has supposedly emailed you and give them a quick call to confirm that the email really is from them. Consider setting up two-factor authentication on your online accounts, so that they can’t be reset using just your email. And anything that you’re still not sure about, forward to your friendly IT support team.
Tweet us @TranscenditUK