Is this email a scam??

Forums › Desktop computing › Is this email a scam??

kiwifidget

"Cookie"
3641 posts

Uber Geek
+1 received by user: 1969

Lifetime subscriber

#243565 18-Dec-2018 15:09

Hi,

I received an email this morning purporting to be from Microsoft, saying I had important documents on my OneDrive.

It looks similar to this :

https://www.hoax-slayer.net/onedrive-docusign-this-document-phishing-scam/

My instincts are saying delete.

Your feedback would be appreciated.

Thank you.

Delete cookies?! Are you insane?!

1 | 2

904 posts

Ultimate Geek
+1 received by user: 154

Trusted

#2147182 18-Dec-2018 15:13

Yeah that looks suspect. "account authentication may be required" doesn't help!

From my limited MSN experience, an internal sender wouldn't have a Jeffdewalk@msn.com address.

Also are you expecting files from a Jeff dewalk?

Also Microsoft is Redmond based, not in downtown Seattle too.

kiwifidget

"Cookie"
3641 posts

Uber Geek
+1 received by user: 1969

Lifetime subscriber

#2147185 18-Dec-2018 15:15

I am not expecting files from anyone, let alone a Jeff.

Delete cookies?! Are you insane?!

MackinNZ

450 posts

Ultimate Geek
+1 received by user: 119

Lifetime subscriber

#2147187 18-Dec-2018 15:16

It certainly is a scam. DELETE

I bet that View in OneDrive link leads to a dodgy site.

kiwifidget

"Cookie"
3641 posts

Uber Geek
+1 received by user: 1969

Lifetime subscriber

#2147190 18-Dec-2018 15:30

Thank you, I have deleted it.

Would I have got that email by chance, or do bad people know the email address associated with my OneDrive account?

Delete cookies?! Are you insane?!

xpd

Geek of Coastguard
14118 posts

Uber Geek
+1 received by user: 4580

Retired Mod

ID Verified

Trusted

Lifetime subscriber

#2147251 18-Dec-2018 18:03

Just hover over the link and it'll show you where its really directing you.

XPD / Gavin

LinkTree

mattwnz

20520 posts

Uber Geek
+1 received by user: 4798

#2147254 18-Dec-2018 18:18

IMO the number of scam emails I am now having to filter through, and some of them are now very legit looking, is almost making email worthless to me. Generally if I get any email with a link these days, I won't ever click on it.

Mighty Ape

Shop now at Mighty Ape (affiliate link).

jarledb

Webhead
3319 posts

Uber Geek
+1 received by user: 1983

Moderator

ID Verified

Trusted

Lifetime subscriber

#2147256 18-Dec-2018 18:25

mattwnz:

IMO the number of scam emails I am now having to filter through, and some of them are now very legit looking, is almost making email worthless to me. Generally if I get any email with a link these days, I won't ever click on it.

You will get rid of most of the spam and these types of emails if you use Google Suite Mail (hosted email with your own domain at Google) or Gmail.

Hardly ever see any of the spam or phishing emails.

Jarle Dahl Bergersen | Referral Links: Want $50 off when you join Octopus Energy? Use this referral code
Are you happy with what you get from Geekzone? Please consider supporting us by making a donation or subscribing.

ANglEAUT

altered-ego
2436 posts

Uber Geek
+1 received by user: 842

Trusted

Lifetime subscriber

#2147352 18-Dec-2018 20:22

So, let's break this down

Unexpected email
- Do you know a Jeff de Walt?
- Why is the display name 'MSN Team', but the email looks like it belongs to an individual. There is no '... on behalf of ...'.
- Were you expecting to review any files?
  - As per Steve Gibson from grc.com; did you go looking for this data or did it arrive unsolicited?
- (False) sense of urgency. This email arrives at 06:22 on the day that it expires. There is pressure on you to get this resolved soon / immediately.
  - Again (I think), thanks to Steve Gibson
  - Generally, you have either a week or a month time to review files, not 18 hrs.
- Where do the links point to?
  - Not only the 'View in OneDrive' button, but all links. I've seen emails were every single link points to the same URL
  - If you can't see the links, see next item
- View the raw email itself
  - In Outlook.com, click the 3 button 'More actions' menu link, then choose 'View message details'
  - In Gmail.com, click the 3 button 'More' menu link, then choose 'Show original'
  - This will reveal the true destination of hyperlinks. Find all 'a href=' occurrences
  - Analyse the header to identify the source server. I like MxToolBox. There also is Messageheader, Message Header Analyser or do your own search
    - If it's SPAM / a scam / phishing email; more often than not it will
    - originate outside of the sending domains servers (based on FQDN & IP address range)
    - the originating server will be generic, not identifiable, such as 'localhost' or '127.0.0.1'
- 'account authentication may be required' - Sounds very dodgy
- 00 Pine Street, Suite 352
  - Google Street View of 1 Pine Street, Seattle, WA, USA does not look corporate enough to have a 'Suite 352'
  - '00' as a Street number?
  - Again, knoydart is correct in pointing out that there is no mention of Redmond
- The subject mentions the singular 'document' while the body of the email mentions the multiple 'two (2) document'
OneDrive Pro
- Do you have a OneDrive Pro account?
- There used to be a SkyDrive Pro product, now known as OneDrive for Business
- Microsoft naming conventions aside, previous experience tells me Microsoft would not make the mistake of spelling 'pro' in OneDrive pro' with a lowercase p.
@msn.com email address
- Previously, you could get these as easily as @hotmail.com
- As knoydart said, if @msn.com was available to the public, MSN staff would not have such a work email

Man o man, that was a lot of armchair refereeing. While you certainly don't have to do all of these on a suspicious email, combinations of the above will help filter out the 'legit looking ones' as per mattwnz.

Please keep this GZ community vibrant by contributing in a constructive & respectful manner.

ANglEAUT

altered-ego
2436 posts

Uber Geek
+1 received by user: 842

Trusted

Lifetime subscriber

#2147355 18-Dec-2018 20:29

jarledb:
mattwnz: ... the number of scam emails I am now having to filter through, and some of them are now very legit looking ...
... use Google Suite Mail (hosted email with your own domain at Google) or Gmail.
Hardly ever see any of the spam or phishing emails.

jarledb, I agree with you. Gmail SPAM filters are magnitudes better than those offered by Microsoft / Outlook.com. While Google certainly is a solution, it is not an option available to everyone; be that because of their own choice or the choice or their employer.

Please keep this GZ community vibrant by contributing in a constructive & respectful manner.