You receive an email from someone you know – friend or colleague or someone you do business with. For whatever reason they are in your email contacts and appear to have sent you a file on One Drive.
You need to click the link to retrieve the file.
The message says
Hello,
Name used One Drive to share some files with you. (where name is the person you know)
Click on the link below
Whether or not you expect to receive such a file, you may decide to click the link.
But that is a bad idea.
There are two ways this can go
- The link is to a Russian website which attempts to copy your email contacts – once done then the scammer will send out emails in your name to all of your contacts and as they recognise you as the sender are much more likely to trust whatever is in the email.
- You on a phishing site which looks like it is One Drive. It asks for your login and password and once captured the scammer can either sell that information to other scammers or use your email login to gain access to other accounts you have. Remember, for most websites the way to get back a lost password is through your registered email address and once the scammer has that, your accounts are in danger.
Whether the email you receive is a type 1 or type 2 scam – DO NOT CLICK THE LINK. Just delete the message.
Recent variants of the type 2 scam even see the website installing a rule in your email client so that all incoming emails are deleted. This is to prevent anyone warning you by email that you have been scammed and must take action immediately.
Take Action
- Change your email address
- If you have accounts using that email address and password, then change those passwords
- Check your email client to see if any rules have been added and if so then delete them
- Monitor your email carefully and if there is suspicious activity, you may want to delete that account and get yourself a new email account.
Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.
