Written by Sonya Stephens on 30 November 2018

Today I received an email with a signature form document, shared with me via OneDrive. The email address used is seemingly from an attorney in America. Looking further into this it looks legit as it is directly from the founder and senior partner of the law partner firm…. Except there is no reason for her to share any information with me.

The email wasn’t addressed to me and had no description as to what the document was about or why. We all know attorneys are rarely at a loss for words therefore this was strange, and it is safe to say an attempted Phishing email with no connection to Microsoft OneDrive.

As I’m writing this another phishing scam popped into my inbox, this time an E-fax containing 3 pages with no further detail. Phishing scams are plentiful. Some are obvious, and some are really sophisticated. Pay attention before opening attachments and be sure it is, without a doubt, from the person you know before clicking and providing credentials.

What would’ve happened if I opened the document?
If I clicked to open the document, it would save a file on my computer, e.g. file:///C:/Users/Username/AppData/Local/Microsoft/Windows/INetCache/Content.Outlook/7JUQBLBG/SignatureForm01.html, I would be taken to a fraudulent website from where it would ask me to login to one of my accounts. Then it will take me to the genuine login page and the fraudsters will be able to collect my credentials and log in as me. Click, click, type… data breached.

What to look out for:
1. Unexpected emails and requests for information
2. Emails addresses seemingly from a legitimate company
3. Content in the email lacking or impersonal

What to do:
1. Delete the message without clicking on any links or attachments
2. Report it to the legitimate company directly.

If you enjoyed this blog and would like to see more, give us a like on social media.