Emmanuel Marshall, 10 August 2018 13:34:25 AEST

Fake OneDrive notification

If you see this message show up in your inbox, please delete it; it’s a phishing attack.

Although it’s been designed to look like an innocuous notification message, the “view completed document” link actually points to a phishing page - shown below - set up to harvest people’s email login credentials.   

[Screenshot: the phishing page]

The forged OneDrive branding is typical of this sort of cybercrime attack. The use of trusted trademarks to disguise scams is known as “brandjacking,” and it’s a common practice in phishing. When a brandjacking message shows up in a victim’s inbox, they feel safe opening it because it looks like a legitimate email from a familiar company.

 

What is "phishing"?


Phishing is the practice of tricking email recipients into revealing personal information that criminals can exploit for gain.

Phishing emails go to a wide group of random people; it’s like a fisherman casting a wide net to see what he can catch. The attackers know that not everyone will respond, but they know that if they send enough emails out somebody will probably take the bait.

A phishing attack message will typically include a link that will send the unwary victim to a fake login website. Once there, the user will be asked to enter username and password data which will be automatically captured by the phishing page.

Scammers use phishing pages to collect login credentials for email accounts, bank accounts, and a wide range of other online services.
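A defensive check for the pattern described above, written as an added example that is not part of the original post: it flags links in a message that names a trusted brand but point outside that brand's domains. The allow-list, the sample message and the function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hosts a genuine notification from each brand would link to.
BRAND_DOMAINS = {"onedrive": {"live.com", "1drv.ms", "microsoft.com", "sharepoint.com"}}

class LinkCollector(HTMLParser):
    """Collects visible text and (href, label) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.text, self.links = [], []
        self._href, self._label = None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._label = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._label.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._label).strip()))
            self._href = None

def host_allowed(host, allowed):
    # Exact or subdomain match only, so "live.com.example.net" is rejected.
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

def brandjacking_findings(html_body):
    """Return (brand, link label, host) for links that leave a named brand's domains."""
    parser = LinkCollector()
    parser.feed(html_body)
    body = " ".join(parser.text).lower()
    findings = []
    for href, label in parser.links:
        host = urlsplit(href).hostname or ""
        for brand, allowed in BRAND_DOMAINS.items():
            if brand in body and host and not host_allowed(host, allowed):
                findings.append((brand, label, host))
    return findings

# Constructed sample message; example.net is a reserved placeholder domain.
SAMPLE = """<p>OneDrive: a document has been shared with you.</p>
<a href="https://onedrive.live.com/about">About OneDrive</a>
<a href="http://docs-login.example.net/signin">View completed document</a>"""
```

A finding is a reason to quarantine or review a message, not proof of fraud, since legitimate mail can also link to third-party hosts.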

 

What can hackers do with email credentials?


One well-crafted email is all a cybercriminal needs to get inside a company’s defences. They’ll send millions of messages to random inboxes, using tricks like fake notification messages made to look like they come from big, recognisable companies. The criminals’ objective is to trick an unwary person into clicking on a link and submitting their password details or downloading a file infected with spyware. With those simple tricks, hackers can get inside a company’s computer system and access all kinds of valuable data like contact lists and financial files.

Read more about the deceptive techniques used by cybercriminals in this article by MailGuard CEO Craig McDonald:
The imitation game: email fraud, phishing & brandjacking.