Beware Encrypted OneDrive Message. Don’t Be Phish Food
By: Jim Stickley and Tina Davis
October 17, 2019
One of the latest email phishing campaigns is preying on the human curiosity factor. Microsoft’s OneDrive customers are receiving cryptic alerts pretending to be from their email server. It’s all about receiving an encrypted message. Humans being human, the urge to investigate this mystery message is difficult to resist. Curiosity is piqued, and the need to know is proving itself irresistible. However, those who choose to explore further are finding themselves on the wrong end of a phishing hook.
By now, cyber-smart users are getting very good at spotting phishing emails, and hackers know it. Their desire to continue using email phishing is forcing them to pursue avenues that have yet to be tried. In this case, they hope an encrypted message alert will net as many victims as possible while users are none the wiser. After a user receives the curious message, they’re told to log in to their “professional” OneDrive account to read the message. By the way, hackers keep your email login for further phishing attacks. Users who stop to check the URL for this login will see it has nothing even remotely to do with their email server. The attackers are hoping the urgency of wanting to see the encrypted message outweighs the basic cyber-smarts of checking a URL before entering personally identifiable information (PII).
As users get increasingly cyber savvy, hackers need to continually reinvent and refine their scams. That makes sticking to security basics more important than ever. At home or at work, there are email phishing safety protocols we all need to follow. Below are everyday, easy red flags to spot and stop phishing attacks before they start.
Always suspect the unexpected. If you’re not expecting a business or personal email from a sender, particularly if it asks for your PII, tread very carefully. Deleting a suspicious or questionable email is a great way to stay safe.
Remember that hackers are great at faking a sender, even down to the logos and other graphics that look real. Even your closest friends and co-workers can be impersonated, with bogus emails sent in their names. Always treat links and attachments with suspicion.
Don’t follow links provided in an email, especially when you don’t know the sender. Look up the real URL of the site the sender claims to be from and type it in yourself. If it’s legitimate and secure, you’ll be able to find out if your website account really needs your PII.
Be aware of bad grammar and spelling errors in an email. Hackers are notorious for these things, and it’s a dead giveaway that something isn’t quite right.
Avoid using public Wi-Fi, especially for banking and online purchases. Scammers can easily create their own open networks, and they love to catch as many unsuspecting users as they can. Consider using a Virtual Private Network (VPN) for remote online activities.
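The URL check described above can also be automated at the mail gateway or in a reporting tool. The following is an added example, not code from the original article: it flags a message that uses the “encrypted message” lure and links to a sign-in host outside an allowlist. The allowlist entries, function names and sample message are assumptions constructed for illustration.

```python
# Added example; the allowlist, sample message and names are constructed.
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the only hosts where this organization's users sign in.
TRUSTED_LOGIN_HOSTS = {"login.microsoftonline.com", "mail.example.com"}
LURE = re.compile(r"encrypted\s+message", re.IGNORECASE)

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def host_is_trusted(url):
    # urlsplit().hostname drops any "user@" prefix and lowercases the host,
    # so "trusted.host@other.host" is judged by the host actually contacted.
    host = (urlsplit(url).hostname or "").rstrip(".")
    return host in TRUSTED_LOGIN_HOSTS

def review_message(raw):
    msg = message_from_string(raw)
    body = "".join(
        (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for part in msg.walk() if not part.is_multipart())
    collector = LinkCollector()
    collector.feed(body)
    untrusted = [u for u in collector.links
                 if urlsplit(u).scheme in ("http", "https")
                 and not host_is_trusted(u)]
    lure = bool(LURE.search(f"{msg.get('Subject', '')} {body}"))
    return {"lure": lure, "untrusted_links": untrusted,
            "suspicious": lure and bool(untrusted)}

SAMPLE = """From: Mail Server <alerts@example.net>
Subject: You have received an encrypted message
Content-Type: text/html

<p>Sign in to your professional OneDrive account to read it.</p>
<a href="https://onedrive.login.example.net/signin">Read message</a>
"""

if __name__ == "__main__":
    print(review_message(SAMPLE))
```

The comparison is an exact host match, so a trusted name used as a subdomain of another domain, or placed before an “@” in the link, is still treated as untrusted.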