10/2/2023

Microsoft one drive scam

If a recipient clicks on the Download PDF link, it will take them to the page shown above, where they are prompted to log in. Accepting an email document from a random and unsolicited consulting firm should be regarded as suspicious. Scammers pretend to be a consulting firm to share a secured document with the customer regarding the COVID-19 pandemic.

Fake Consulting Firm Attempts to Trick Users with Secured Document

This should be a red flag to the user that this may be a scam or phishing attack.

As intended by the scammers, the user cannot access the OneDrive document to view the updated government questionnaire and, instead, will receive an error message to try again later.

By this stage, the scammers would have already stolen the user’s OneDrive personal information. A user should be aware that a legitimate OneDrive login page will never be hosted on a non-Microsoft domain. Notice that the link points users to a vulnerable WordPress site that contains a credential phishing landing page.

When clicked, it takes them to the OneDrive screen shown in the screenshot below, prompting them to enter their personal information.

When the folder in the above image is clicked on, it redirects to the screenshot shown below.

A warning saying “Hmm… looks like this file doesn’t have a preview we can show you” baits the visitor into clicking on the Open button.

Remember: governments do not generally email the masses, sending unrequested documents, so a user could verify by examining the sender email address and location in the email headers and could visit the legitimate government site to see if there is COVID-19 information there instead.

Scammers pretend to be from government offices and deliver documents that contain the latest live questionnaire regarding COVID-19. As the screenshot below illustrates, the goal is to steal the user’s OneDrive credentials.
Nefarious Groups Attempt to Harvest Users’ Credentials

Below we will take you through three examples of this kind of attack, coming from a government organization, consulting firm and a charitable organization hosted in OneDrive to make them appear more genuine to users. We would like to educate McAfee users and the public about the potential risks with these scams. They will pretend to be emailing from government, consulting, or charitable organizations to steal victims’ OneDrive details. OneDrive scammers will steal sensitive account information like usernames and passwords.

If the email was real, it should be supported by messages online.

There are a number of ways scammers target personal information. One current example is that they are taking advantage of the fear around the virus pandemic, sending phishing and scam emails to Microsoft OneDrive users, trying to profit from Coronavirus/COVID-19.

Check for any problem or warning notice.

Go to your browser and log in to the account directly go to etc.

Don’t take it at face value.

Fake messages are designed to trick people into quick action with a false urgency.

If you get a ‘warning’ message from Microsoft, Google, Facebook or any company.

The companies that are being faked could do more to help their customers but can’t stop criminals targeting their customers. It’s hard to understand why ‘’ was ever allowed as a default domain. We hear much about Microsoft’s commitment to security, but they allow these gaping holes to exist and continue. Yes, you’d think Microsoft would take more action to stop this misuse of their services.

Normally, you’d not see these domain names because the Azure customer would use their own domain names instead. The hackers leave the default domains, hoping that those names will fool people into thinking they are legitimate Microsoft sites. It’s a Microsoft-owned domain name but NOT a Microsoft login page.

Azure web hosting comes with some default domains like: