Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsDesktop computingIs this email a scam??
kiwifidget

"Cookie"
3295 posts

Uber Geek

Lifetime subscriber

#243565 18-Dec-2018 15:09
Send private message

Hi,

 

I received an email this morning purporting to be from Microsoft, saying I had important documents on my OneDrive.

 

 

 

 

 

 

It looks similar to this :

 

https://www.hoax-slayer.net/onedrive-docusign-this-document-phishing-scam/

 

 

 

My instincts are saying delete.

 

Your feedback would be appreciated.

 

Thank you.




Delete cookies?! Are you insane?!

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
knoydart
904 posts

Ultimate Geek

Trusted

  #2147182 18-Dec-2018 15:13
Send private message

Yeah that looks suspect. "account authentication may be required" doesn't help!

 

From my limited MSN experience, an internal sender wouldn't have a Jeffdewalk@msn.com address. 

 

Also are you expecting files from a Jeff dewalk? 

 

Also Microsoft is Redmond based, not in downtown Seattle too. 

 
 
 
 

Move to New Zealand's best fibre broadband service (affiliate link). Note that to use Quic Broadband you must be comfortable with configuring your own router.
kiwifidget

"Cookie"
3295 posts

Uber Geek

Lifetime subscriber

  #2147185 18-Dec-2018 15:15
Send private message

I am not expecting files from anyone, let alone a Jeff.




Delete cookies?! Are you insane?!

MackinNZ
450 posts

Ultimate Geek

Lifetime subscriber

  #2147187 18-Dec-2018 15:16
Send private message

It certainly is a scam.  DELETE

 

I bet that View in OneDrive link leads to a dodgy site.  



kiwifidget

"Cookie"
3295 posts

Uber Geek

Lifetime subscriber

  #2147190 18-Dec-2018 15:30
Send private message

Thank you, I have deleted it.

 

Would I have got that email by chance, or do bad people know the email address associated with my OneDrive account?




Delete cookies?! Are you insane?!

xpd

xpd
Geek @ Coastguard NZ
13652 posts

Uber Geek

Retired Mod
ID Verified
Trusted
Lifetime subscriber

  #2147251 18-Dec-2018 18:03
Send private message

Just hover over the link and it'll show you where its really directing you.




       Gavin / xpd / FastRaccoon / Geek of Coastguard New Zealand

 

                      LinkTree -   kiwiblast.co.nz - Lego and more

 

       Support Kiwi music!   The People   Black Smoke Trigger   Like A Storm   Devilskin

 

                                            NZ GEEKS Discord______________________________

 

 

mattwnz
19994 posts

Uber Geek


  #2147254 18-Dec-2018 18:18
Send private message

IMO the number of scam emails I am now having to filter through, and some of them are now very legit looking, is almost making email worthless to me. Generally if I get any email with a link these days, I won't ever click on it. 

jarledb
Webhead
3239 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #2147256 18-Dec-2018 18:25
Send private message

mattwnz:

 

IMO the number of scam emails I am now having to filter through, and some of them are now very legit looking, is almost making email worthless to me. Generally if I get any email with a link these days, I won't ever click on it. 

 

 

You will get rid of most of the spam and these types of emails if you use Google Suite Mail (hosted email with your own domain at Google) or Gmail.

 

Hardly ever see any of the spam or phishing emails.




Jarle Dahl Bergersen | Referral Links: Want $50 off when you join Octopus Energy? Use this referral code
Are you happy with what you get from Geekzone? Please consider supporting us by making a donation or subscribing.



ANglEAUT
2273 posts

Uber Geek

Trusted
Lifetime subscriber

  #2147352 18-Dec-2018 20:22
Send private message

So, let's break this down

 

  • Unexpected email

     

    • Do you know a Jeff de Walt?
    • Why is the display name 'MSN Team', but the email looks like it belongs to an individual. There is no '... on behalf of ...'.
    • Were you expecting to review any files?

       

      • As per Steve Gibson from grc.com; did you go looking for this data or did it arrive unsolicited?
    • (False) sense of urgency. This email arrives at 06:22 on the day that it expires. There is pressure on you to get this resolved soon / immediately.

       

      • Again (I think), thanks to Steve Gibson
      • Generally, you have either a week or a month time to review files, not 18 hrs.
    • Where do the links point to?

       

      • Not only the 'View in OneDrive' button, but all links. I've seen emails were every single link points to the same URL
      • If you can't see the links, see next item
    • View the raw email itself

       

      • In Outlook.com, click the 3 button 'More actions' menu link, then choose 'View message details'
      • In Gmail.com, click the 3 button 'More' menu link, then choose 'Show original'
      • This will reveal the true destination of hyperlinks. Find all 'a href=' occurrences
      • Analyse the header to identify the source server. I like MxToolBox. There also is Messageheader, Message Header Analyser or do your own search

         

        • If it's SPAM / a scam / phishing email; more often than not it will
        • originate outside of the sending domains servers (based on FQDN & IP address range)
        • the originating server will be generic, not identifiable, such as 'localhost' or '127.0.0.1'
    • 'account authentication may be required' - Sounds very dodgy
    • 00 Pine Street, Suite 352

       

      • Google Street View of 1 Pine Street, Seattle, WA, USA does not look corporate enough to have a 'Suite 352'
        Click to see full size
      • '00' as a Street number?
      • Again, knoydart is correct in pointing out that there is no mention of Redmond
    • The subject mentions the singular 'document' while the body of the email mentions the multiple 'two (2) document'
  • OneDrive Pro

     

    • Do you have a OneDrive Pro account?
    • There used to be a SkyDrive Pro product, now known as OneDrive for Business
    • Microsoft naming conventions aside, previous experience tells me Microsoft would not make the mistake of spelling 'pro' in OneDrive pro' with a lowercase p.
  • @msn.com email address

     

    • Previously, you could get these as easily as @hotmail.com
    • As knoydart said, if @msn.com was available to the public, MSN staff would not have such a work email

 

 

Man o man, that was a lot of armchair refereeing. wink While you certainly don't have to do all of these on a suspicious email, combinations of the above will help filter out the 'legit looking ones' as per mattwnz.

 

 




Please keep this GZ community vibrant by contributing in a constructive & respectful manner.

ANglEAUT
2273 posts

Uber Geek

Trusted
Lifetime subscriber

  #2147355 18-Dec-2018 20:29
Send private message

jarledb: 
mattwnz: ... the number of scam emails I am now having to filter through, and some of them are now very legit looking ...
... use Google Suite Mail (hosted email with your own domain at Google) or Gmail.
Hardly ever see any of the spam or phishing emails.

 

jarledb, I agree with you. Gmail SPAM filters are magnitudes better than those offered by Microsoft / Outlook.com. While Google certainly is a solution, it is not an option available to everyone; be that because of their own choice or the choice or their employer.




Please keep this GZ community vibrant by contributing in a constructive & respectful manner.

yitz
2036 posts

Uber Geek


  #2147363 18-Dec-2018 20:49
Send private message

^ You missed "This mail is from a trusted sender." tongue-out

freitasm
BDFL - Memuneh
78906 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #2147397 18-Dec-2018 21:06
Send private message

The typos alone indicate scam "OneDrive pro Folder" then "One Drive"

 

Just hover over the URL and if it is not a Microsoft URL then it's a scam. 

 

If you are not expecting a document from this unknown person then it's a scam.




Please support Geekzone by subscribing, or using one of our referral links: Mighty ApeSamsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup

 

My technology disclosure

kiwifidget

"Cookie"
3295 posts

Uber Geek

Lifetime subscriber

  #2147434 18-Dec-2018 21:49
Send private message

thanks @lcl , I shall use that checklist for all future dodgy looking emails.

 

Thanks also to everyone else for their advice, much appreciated.




Delete cookies?! Are you insane?!

richms
27876 posts

Uber Geek

Trusted
Lifetime subscriber

  #2147439 18-Dec-2018 21:54
Send private message

I am amazed that anyone would have to ask if that is a scam or not. It screams scam.




Richard rich.ms

muppet
2535 posts

Uber Geek

Trusted

  #2147530 19-Dec-2018 06:31
Send private message

richms:

 

I am amazed that anyone would have to ask if that is a scam or not. It screams scam.

 

 

I hope it feels good.

 

 

tdgeek
29540 posts

Uber Geek

Trusted
Lifetime subscriber

  #2147539 19-Dec-2018 07:50
Send private message

richms:

 

I am amazed that anyone would have to ask if that is a scam or not. It screams scam.

 

 

No it doesn't, not to everyone. If everyone had the requisite skills, there would be no reason for Geekzone to exist.

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

Samsung 9100 Pro NVMe SSD Review
Posted 11-Apr-2025 13:11

Motorola Announces New Mid-tier Phones moto g05 and g15
Posted 4-Apr-2025 00:00

SoftMaker Releases Free PDF editor FreePDF 2025
Posted 3-Apr-2025 15:26

Moto G85 5G Review
Posted 30-Mar-2025 11:53

Ring Launches New AI-Powered Smart Video Search
Posted 27-Mar-2025 16:30

OPPO RENO13 Series Launches in New Zealand
Posted 27-Mar-2025 05:00

Sony Electronics Announces the WF-C710N Truly Wireless Noise Cancelling Earbuds
Posted 26-Mar-2025 20:37

New Harman Kardon Portable Home Speakers Bring Performance and Looks Together
Posted 26-Mar-2025 20:30

Data Insight Launches The Data Academy
Posted 26-Mar-2025 20:21

Oclean AirPump A10 Portable Water Flosser Wins iF Design Award 2025
Posted 20-Mar-2025 12:05

OPPO Find X8 Pro Review
Posted 14-Mar-2025 14:59

Samsung Galaxy Ring Now Available in New Zealand
Posted 14-Mar-2025 13:52

2degrees Announces Partnership With AST SpaceMobile and Plans for NZ Launch
Posted 11-Mar-2025 10:05

Samsung Introduces New Galaxy A56 5G, Galaxy A36 5G and Galaxy A26 5G
Posted 9-Mar-2025 12:18

Cricut Unveils the Next Generation of Smart Cutting Machines
Posted 9-Mar-2025 12:06








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







GoodSync is the easiest file sync and backup for Windows and Mac



RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
Hatch
GoodSync
Backblaze backup
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright