

kiwifidget

"Cookie"
3421 posts

Uber Geek

Lifetime subscriber

#243565 18-Dec-2018 15:09

Hi,

 

I received an email this morning purporting to be from Microsoft, saying I had important documents on my OneDrive.

 

 

 

 

 

 

It looks similar to this:

 

https://www.hoax-slayer.net/onedrive-docusign-this-document-phishing-scam/

 

 

 

My instincts are saying delete.

 

Your feedback would be appreciated.

 

Thank you.





Delete cookies?! Are you insane?!


knoydart
904 posts

Ultimate Geek

Trusted

  #2147182 18-Dec-2018 15:13

Yeah that looks suspect. "account authentication may be required" doesn't help!

 

From my limited MSN experience, an internal sender wouldn't have a Jeffdewalk@msn.com address. 

 

Also are you expecting files from a Jeff dewalk? 

 

Also Microsoft is Redmond based, not in downtown Seattle too. 




kiwifidget

"Cookie"
3421 posts

Uber Geek

Lifetime subscriber

  #2147185 18-Dec-2018 15:15

I am not expecting files from anyone, let alone a Jeff.





Delete cookies?! Are you insane?!


MackinNZ
450 posts

Ultimate Geek

Lifetime subscriber

  #2147187 18-Dec-2018 15:16

It certainly is a scam.  DELETE

 

I bet that View in OneDrive link leads to a dodgy site.  




kiwifidget

"Cookie"
3421 posts

Uber Geek

Lifetime subscriber

  #2147190 18-Dec-2018 15:30

Thank you, I have deleted it.

 

Would I have got that email by chance, or do bad people know the email address associated with my OneDrive account?





Delete cookies?! Are you insane?!


xpd

xpd
Geek @ Coastguard NZ
13765 posts

Uber Geek

Retired Mod
ID Verified
Trusted
Lifetime subscriber

  #2147251 18-Dec-2018 18:03

Just hover over the link and it'll show you where it's really directing you.





       Gavin / xpd / FastRaccoon / Geek of Coastguard New Zealand

 


 

 

 


mattwnz
20155 posts

Uber Geek


  #2147254 18-Dec-2018 18:18

IMO the number of scam emails I am now having to filter through, and some of them are now very legit looking, is almost making email worthless to me. Generally if I get any email with a link these days, I won't ever click on it. 


jarledb
Webhead
3257 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #2147256 18-Dec-2018 18:25

mattwnz:

 

IMO the number of scam emails I am now having to filter through, and some of them are now very legit looking, is almost making email worthless to me. Generally if I get any email with a link these days, I won't ever click on it. 

 

 

You will get rid of most of the spam and these types of emails if you use Google Suite Mail (hosted email with your own domain at Google) or Gmail.

 

Hardly ever see any of the spam or phishing emails.





Jarle Dahl Bergersen


ANglEAUT
2320 posts

Uber Geek

Trusted
Lifetime subscriber

  #2147352 18-Dec-2018 20:22

So, let's break this down

 

  • Unexpected email

     

    • Do you know a Jeff de Walt?
    • Why is the display name 'MSN Team', but the email looks like it belongs to an individual? There is no '... on behalf of ...'.
    • Were you expecting to review any files?

       

      • As per Steve Gibson from grc.com; did you go looking for this data or did it arrive unsolicited?
    • (False) sense of urgency. This email arrives at 06:22 on the day that it expires. There is pressure on you to get this resolved soon / immediately.

       

      • Again (I think), thanks to Steve Gibson
      • Generally, you have either a week or a month time to review files, not 18 hrs.
    • Where do the links point to?

       

      • Not only the 'View in OneDrive' button, but all links. I've seen emails where every single link points to the same URL
      • If you can't see the links, see next item
    • View the raw email itself

       

      • In Outlook.com, click the 3 button 'More actions' menu link, then choose 'View message details'
      • In Gmail.com, click the 3 button 'More' menu link, then choose 'Show original'
      • This will reveal the true destination of hyperlinks. Find all 'a href=' occurrences
      • Analyse the header to identify the source server. I like MxToolBox. There also is Messageheader, Message Header Analyser or do your own search

         

        • If it's SPAM / a scam / phishing email; more often than not
          • it will originate outside of the sending domain's servers (based on FQDN & IP address range)
          • the originating server will be generic, not identifiable, such as 'localhost' or '127.0.0.1'
    • 'account authentication may be required' - Sounds very dodgy
    • 00 Pine Street, Suite 352

       

      • Google Street View of 1 Pine Street, Seattle, WA, USA does not look corporate enough to have a 'Suite 352'
      • '00' as a Street number?
      • Again, knoydart is correct in pointing out that there is no mention of Redmond
    • The subject mentions the singular 'document' while the body of the email mentions the multiple 'two (2) document'
  • OneDrive Pro

     

    • Do you have a OneDrive Pro account?
    • There used to be a SkyDrive Pro product, now known as OneDrive for Business
    • Microsoft naming conventions aside, previous experience tells me Microsoft would not make the mistake of spelling 'pro' in 'OneDrive pro' with a lowercase p.
  • @msn.com email address

     

    • Previously, you could get these as easily as @hotmail.com
    • As knoydart said, if @msn.com was available to the public, MSN staff would not have such a work email

 

 

Man o man, that was a lot of armchair refereeing. While you certainly don't have to do all of these on a suspicious email, combinations of the above will help filter out the 'legit looking ones' as per mattwnz.

 

 





Please keep this GZ community vibrant by contributing in a constructive & respectful manner.
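
The raw-message checks from the list above (find every 'a href=' target, then look at the originating Received hop), as an added Python example that is not part of the original post. The sample message, its placeholder hosts and the `analyse` helper are constructed for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not the email from this thread); hosts and IP are placeholders.
RAW = """\
Received: from localhost (unknown [203.0.113.45])
\tby mx.recipient.example with ESMTP; Tue, 18 Dec 2018 06:22:10 +1300
From: "MSN Team" <someone@msn.com>
Content-Type: text/html; charset="utf-8"

<html><body><p>Two (2) documents are waiting for you.</p>
<a href="http://files.badhost.example/login">View in OneDrive</a>
<a href="http://files.badhost.example/login">https://onedrive.live.com/help</a></body></html>
"""

class LinkParser(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def analyse(raw):
    msg = message_from_string(raw)
    parser = LinkParser()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser.feed(part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace"))
    hosts = {urlparse(h).hostname for h, _ in parser.links} - {None}
    # Visible text that is itself a URL but names a different host than the real target
    mismatched = [(t, h) for h, t in parser.links if re.match(r"https?://", t)
                  and urlparse(t).hostname != urlparse(h).hostname]
    # Bottom-most Received header = earliest hop; the sender controls it, so treat it as a hint
    received = msg.get_all("Received") or []
    hit = re.search(r"from\s+(\S+)", received[-1]) if received else None
    origin = hit.group(1) if hit else None
    return {"link_hosts": sorted(hosts), "mismatched": mismatched,
            "single_target": len(parser.links) > 1 and len(hosts) == 1,
            "origin": origin, "generic_origin": origin in {"localhost", "127.0.0.1"}}
```

Save the output of 'View message details' or 'Show original' to a file and pass its text to `analyse` to get the same summary for a real message.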


ANglEAUT
2320 posts

Uber Geek

Trusted
Lifetime subscriber

  #2147355 18-Dec-2018 20:29

jarledb: 
mattwnz: ... the number of scam emails I am now having to filter through, and some of them are now very legit looking ...
... use Google Suite Mail (hosted email with your own domain at Google) or Gmail.
Hardly ever see any of the spam or phishing emails.

 

jarledb, I agree with you. Gmail SPAM filters are magnitudes better than those offered by Microsoft / Outlook.com. While Google certainly is a solution, it is not an option available to everyone; be that because of their own choice or the choice of their employer.





Please keep this GZ community vibrant by contributing in a constructive & respectful manner.


yitz
2075 posts

Uber Geek


  #2147363 18-Dec-2018 20:49

^ You missed "This mail is from a trusted sender."


freitasm
BDFL - Memuneh
79270 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #2147397 18-Dec-2018 21:06

The typos alone indicate scam "OneDrive pro Folder" then "One Drive"

 

Just hover over the URL and if it is not a Microsoft URL then it's a scam. 

 

If you are not expecting a document from this unknown person then it's a scam.







kiwifidget

"Cookie"
3421 posts

Uber Geek

Lifetime subscriber

  #2147434 18-Dec-2018 21:49

Thanks @lcl, I shall use that checklist for all future dodgy looking emails.

 

Thanks also to everyone else for their advice, much appreciated.





Delete cookies?! Are you insane?!


richms
28175 posts

Uber Geek

Trusted
Lifetime subscriber

  #2147439 18-Dec-2018 21:54

I am amazed that anyone would have to ask if that is a scam or not. It screams scam.





Richard rich.ms

muppet
2568 posts

Uber Geek

Trusted

  #2147530 19-Dec-2018 06:31

richms:

 

I am amazed that anyone would have to ask if that is a scam or not. It screams scam.

 

 

I hope it feels good.

 

 


tdgeek
29746 posts

Uber Geek

Trusted
Lifetime subscriber

  #2147539 19-Dec-2018 07:50

richms:

 

I am amazed that anyone would have to ask if that is a scam or not. It screams scam.

 

 

No it doesn't, not to everyone. If everyone had the requisite skills, there would be no reason for Geekzone to exist.

