Unfortunately, we have seen a worrying increase in the number of email scams where the sender claims you have been sent a file and they provide you with a link but when you click on the link you need to sign into OneDrive to download it.

Very cleverly the scammers create a copy of the OneDrive login portal so when you click on the link it all appears genuine. You enter your username and password to get the file but at this point the scammers now have access to your Office 365 account and will often use your mailbox to send out more scam emails to all your contacts.

So what do they do then? They will setup rules to delete bounce back messages and often remove the emails from your sent items, so for a while you may not be aware you have been hacked. Normally the first indication you have that there is a problem is when your mailbox gets blocked but by that time a lot of damage has already been done.

Normally the scam email will be from someone you know whose account has been hacked, seeing the email is from a sender you trust, you are fooled into handing over your login credentials to access the file, once they have them your account will be compromised and they can view your email and personal information as well as any other Office 365 services linked to your account.

So how can you protect yourself from these scams?

  • Check the ‘from’ address on emails you receive as some will just be phishing emails and not necessarily from a hacked account.
  • The email may appear to be from a friend or colleague, but the email address maybe different!

  • You can see this email was sent from Ben, if we double click the senders name a window will open displaying the actual email address. Ensure that the email address is correct and does not look suspicious.
  • Never open an attachment if you are in any doubt it is genuine
  • Do not click on links within emails when they are taking you to websites that you are not familiar with.  By hovering the mouse pointer over the link, it will tell you where it goes.

Check the web URL’s before logging in.



Both website portals will look the same but often the URLs will be random letters or words.

You need to be careful as some of the URL’s are quite convincing, for example we have seen the below:

rnicrosoft.com instead of microsoft.com, notice that the letter m in the fake URL is actually made up of an r and an n which when placed together look like an m. Its very easy to miss and this is what the scammers rely on!

Be extra cautious if the email mentions…

  • Transferring money
  • Invoices
  • Receipts
  • Changing payment details or login details for a website you use
  • From your Bank
  • From HMRC
  • You have won a prize


Always be suspicious!

As a general rule of thumb never open attachments or click on links in emails unless you are certain it is genuine. If in doubt, do not click, if it was genuine, they will resend or chase.

Emails you suspect are not genuine should be deleted, in Outlook if you hold the shift key down whilst deleting an email it will permanently delete it rather than send it to the deleted items folder.