Gabi Power 09 June 2022 17:50:00 AEST

OneDrive Mimicked In New Phishing Scam

A new phishing scam which claims that new files are being shared with you on OneDrive is now being blocked by MailGuard. If you do not use MailGuard for email security, it’s likely someone in your business will have this land in their inbox.  

The subject line reads “New Notification” and the sender display name shows Microsoft OneDrive. However, the email is actually coming from support(at)aitc(dot)kz, which is a Kazakhstani domain.  

The email contains no official Microsoft branding but alerts the user that they have received a document titled “PL&CI documents.pdf” on OneDrive and directs them to click hyperlinked text in order to access the file.  

Here’s what the email looks like:  

[Image: screenshot of the phishing email]

Clicking the links in the email will take the user to a webpage which is hosted on a platform called fleek(dot)co, which is not associated with Microsoft.   

The page itself is very simple, with the main focus being the ‘View document’ button. To help feign authenticity, the page also shows the recipient’s email address and a badge that says, “Verified by Symantec”. However, a key red flag is that the file is now titled “Scanned_document.pdf”, highlighting inconsistencies with the email.  

[Image: screenshot of the landing page with the ‘View document’ button]

When the user clicks as directed, they’re initially shown that the document is loading, then shown a warning of “authentication required”, before ending up on the phishing page where they’re asked for their password.  

[Image: screenshot of the phishing page asking for the password]

If the user enters their password, it’s harvested, and they’re redirected to the domain of their email address.  

Typically, file transfer and cloud storage services are used for scams that are even more sinister, encouraging victims to download malicious content onto their device. We encourage all individuals to be extra vigilant when receiving emails such as the one shown above. If you weren’t expecting it, and it’s not from an email address that you trust, do not open the file.  

By mimicking a name like Microsoft OneDrive, scammers prey on the trust that customers have in the brand and on its large customer base.

MailGuard advises all recipients of this email to delete it immediately without clicking on any links. Providing your personal details can result in your sensitive information being used for criminal activity and may have a severe negative impact on your business and its financial well-being.

MailGuard urges users not to click links or open attachments within emails that:       

  • Are not addressed to you by name.       
  • Appear to be from a legitimate company but use poor English or omit personal details that a legitimate sender would include.
  • Are from businesses that you were not expecting to hear from, and/or       
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from.      
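
The sender and landing-page checks above can be automated during mail triage. The following is an added example, not MailGuard's detection logic or code from the original post: it parses a constructed message modelled on the email described above and flags a brand display name sent from an unrelated domain, plus any links that point off the brand's domains. The allowlist `BRAND_DOMAINS`, the keyword list and the placeholder link host are assumptions for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: illustrative allowlist, not a complete list of Microsoft domains.
BRAND_DOMAINS = {"microsoft.com", "onedrive.com", "live.com", "sharepoint.com"}
BRAND_KEYWORDS = ("microsoft", "onedrive")

# Constructed sample modelled on the email described above.
# The link host is a placeholder on the hosting platform the post names.
SAMPLE = """\
From: Microsoft OneDrive <support@aitc.kz>
To: user@example.com
Subject: New Notification
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>New file: PL&amp;CI documents.pdf
<a href="https://placeholder-site.fleek.co/">Open</a></p>
"""


def in_brand(host):
    """True if host is a brand domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)


def check_message(raw):
    """Return (finding, value) tuples for a raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    if not any(k in name.lower() for k in BRAND_KEYWORDS):
        return []  # display name does not claim the brand
    findings = []
    sender_domain = addr.rpartition("@")[2].lower()
    if not in_brand(sender_domain):
        findings.append(("display_name_mismatch", sender_domain))
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skip multipart containers and attachments
        body = part.get_payload(decode=True).decode("utf-8", "replace")
        for url in re.findall(r'href=["\']([^"\']+)', body, re.I):
            host = urlparse(url).hostname or ""
            if host and not in_brand(host):
                findings.append(("off_brand_link", host))
    return findings
```

Calling `check_message(SAMPLE)` reports both the sender-domain mismatch and the off-brand link host; a message whose display name makes no brand claim returns an empty list.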

Many businesses turn to MailGuard after an incident or a near miss, often as a result of an email similar to the one shown above. If unwanted emails are a problem for your business, don’t wait until it’s too late.  

Reach out to our team for a confidential discussion by emailing expert@mailguard.com.au or calling 1300 30 44 30.

One email is all that it takes     

All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.     

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security. Talk to a solution consultant at MailGuard today about securing your company's inboxes.  
