Fake OneDrive notification

Posted by Emmanuel Marshall on 10 August 2018 13:34:25 AEST

If you see this message show up in your inbox, please delete it; it’s a phishing attack.

Although it’s been designed to look like an innocuous notification message, the “view completed document” link actually points to a phishing page - shown below - set up to harvest people’s email login credentials.   

Screenshot from 2018-08-10 13-17-14

The forged OneDrive branding is typical of this sort of cybercrime attack. The use of trusted trademarks to disguise scams is known as “brandjacking,” and it’s a common practice in phishing. When a brandjacking message shows up in a victim’s inbox, they feel safe opening it because it looks like a legitimate email from a familiar company.

 

What is "phishing?"


Phishing is the practice of tricking email recipients into revealing personal information that criminals can exploit for gain.

Phishing emails go to a wide group of random people; it’s like a fisherman casting a wide net to see what he can catch. The attackers know that not everyone will respond, but they know that if they send enough emails out somebody will probably take the bait.

A phishing attack message will typically include a link that will send the unwary victim to a fake login website. Once there, the user will be asked to enter username and password data which will be automatically captured by the phishing page.

Scammers use phishing pages to collect login credentials for email accounts, bank accounts, and a wide range of other online services.

 

What can hackers do with email credentials?


180720-immitationOne well-crafted
email is all a cybercriminal needs to get inside a company’s defences. They’ll send millions of messages to random inboxes, using tricks like fake notification messages made to look like they come from big, recognisable companies. The criminals objective is to trick an unwary person to click on a link and submit their password details or download a file infected with spyware. With those simple tricks, hackers can get inside a company’s computer system and access all kinds of valuable data like contact lists and financial files.

Read more about the deceptive techniques used by cybercriminals in this article by MailGuard CEO Craig McDonald:
The imitation game: email fraud, phishing & brandjacking.

 

Topics: scam email OneDrive Threat Update ZeroDay cybercrime Phishing

Back to Blog

Comments:


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.

Remember:

  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all