
Use Microsoft OneDrive? Here’s a phishing attack you need to know about

Your inbox is cluttered with messages from some of the most well-known brands in the world: Amazon, Apple, Microsoft, Walmart and Google, to name a few. You don’t have to use their services to find yourself on their mailing lists.

Just because the name seems legit doesn’t mean the message is. Scammers often impersonate companies to earn trust and trick you into clicking malicious links or providing sensitive information. In fact, half of all phishing attempts worldwide imitate one brand.

Hackers have plenty of tricks up their sleeves, and one group is abusing Microsoft’s OneDrive cloud storage service to target victims. The Russian-backed group, known as Seaborgium, also uses popular social media platforms to spy on potential targets. Here’s how to spot their scams.

Political motives

Microsoft’s blog post this week described a group it’s been tracking since 2017. Seaborgium has been engaged in phishing and credential theft campaigns to break into systems and steal data. The group used OneDrive as a means to lure in unsuspecting victims. Here’s how:

  • The group attached OneDrive files to emails that imitated the service.
  • Seaborgium also created OneDrive accounts to host PDF files containing links to malicious URLs.

The tech giant says the data was used to shape narratives in targeted countries, and support is likely coming from state-backed sources. Seaborgium has been associated with other threat groups such as Callisto Group, TA446 and Coldriver.

Microsoft said Seaborgium targets 30 organizations primarily in NATO countries, including the U.S. and U.K. The Ukrainian government was also targeted in the months leading up to the Russian invasion, along with former intelligence officials, experts in Russian affairs and Russian citizens abroad.


Hackers get help through social media

Like many hacking groups, Seaborgium conducted reconnaissance on individual targets to identify more contacts in that person’s social network. The threat actor used social media platforms such as LinkedIn to home in on employees from specific organizations.

Fake LinkedIn accounts were created to connect to legitimate ones. LinkedIn terminated any account that was found to be conducting fraudulent behavior.

Fight back against hackers

Microsoft offered advice to lower your risk of falling victim to these scams, and we included some of our own:

  • Check your Office 365 email filtering settings to ensure you block spoofed emails, spam, and emails with malware.
  • Configure Office 365 to disable email auto-forwarding.
  • Carefully check that emails come from the usual email address of your contact.
  • Enable two-factor authentication (2FA) for all your online accounts that offer it. This will make it more difficult for hackers to access your accounts.
  • Always have a trusted antivirus program updated and running on all your devices. This helps keep hackers from stealing your credentials. We recommend our sponsor, TotalAV. Right now, get an annual plan with TotalAV for only $19 at ProtectWithKim.com. That’s over 85% off the regular price!
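
The sender check from the list above can be automated. This Python script is an added example, not from Microsoft or the original article: it compares a message's From and Reply-To headers against the address each contact normally uses. The address book, the function name `check_sender` and all addresses are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: display name -> the address this contact normally uses.
KNOWN_CONTACTS = {
    "dana reyes": "dana.reyes@example.org",
    "sam okoye": "sam.okoye@example.net",
}

def check_sender(raw_message, contacts=KNOWN_CONTACTS):
    """Return a list of warnings about the sender of one raw email message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    name, addr = " ".join(name.lower().split()), addr.lower()
    if not addr:
        return ["missing or unparseable From header"]
    warnings = []
    usual = contacts.get(name)
    if usual and addr != usual:
        # Familiar display name on an unfamiliar address: classic impersonation.
        warnings.append(f"display name matches a contact, but {addr} "
                        f"is not their usual {usual}")
    elif not usual and addr not in contacts.values():
        warnings.append(f"sender {addr} is not a known contact")
    # A Reply-To that differs from From silently diverts your answer elsewhere.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower() != addr:
        warnings.append(f"replies go to {reply_to.lower()}, not the sender address")
    return warnings

# Constructed sample messages (headers only matter here).
LEGIT = "From: Dana Reyes <dana.reyes@example.org>\nSubject: Agenda\n\nSee you Tuesday.\n"
LOOKALIKE = ("From: Dana Reyes <dana.reyes@examp1e-mail.test>\n"
             "Subject: Shared file\n\nPlease open the attached PDF.\n")
DIVERTED = ("From: Sam Okoye <sam.okoye@example.net>\n"
            "Reply-To: sam.okoye@mailbox-example.test\n"
            "Subject: Quick question\n\nCan you confirm your login?\n")

if __name__ == "__main__":
    for label, raw in [("legit", LEGIT), ("lookalike", LOOKALIKE), ("diverted", DIVERTED)]:
        print(label, "->", check_sender(raw) or "no warnings")
```

A From header that exactly matches a contact can still be forged, which is why the spoofed-email filtering in the first item of the list remains necessary alongside a check like this.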
