About “Your OneDrive Is Inactive And Will Soon Be Deleted” scam email
“Your OneDrive Is Inactive And Will Soon Be Deleted” is a phishing campaign targeting Microsoft’s OneDrive users. This phishing campaign comes in email form and falsely informs users that their OneDrive business account, along with all files and data stored in it, will be deleted on a certain date if users do not sign in to their accounts using the provided link. But instead of accessing their OneDrive account, users who click on the link and log in would reveal their credentials to malicious actors operating this phishing campaign. It’s not a particularly sophisticated phishing attempt but it’s convincing enough to work on less-cautious users.
This phishing email claims that Microsoft is about to close your OneDrive business account because you have not signed in for 6 months. The account is supposedly frozen but all data and files will be deleted on a certain date. The email asks that you click on the link and sign in to your account to prevent it from being closed. But if you were to click on the link, you would be taken to a site that closely imitates the legitimate Microsoft login page for OneDrive. Users who type their login credentials on this site will have their accounts hijacked by malicious actors. The credentials are immediately sent to cybercriminals operating these phishing campaigns. The stolen data can then be sold on various hacker forums to other cybercriminals or used by the scam operators themselves. Whatever the case may be, users would lose access to their accounts.
Phishing campaigns can sometimes imitate legitimate websites quite closely, which is why some phishing attempts are so effective. Under the right circumstances, even more-cautious users may fall for these phishing scams. But no matter how similar the phishing site may be, the URL will always give it away. Before you log in anywhere, always check that the URL is correct. Some URLs will look completely random, while more sophisticated ones will appear more legitimate. So carefully inspect the URL before logging in.
To avoid falling for a phishing attempt, we recommend not clicking on links in emails. If an email asks you to log in to your account to fix or check something, access your account manually instead of clicking on the link. This practice will help avoid being phished by even more sophisticated phishing emails.
What are the signs of a phishing email?
Unless you are targeted specifically and the attempt is very sophisticated, you should be able to recognize malicious emails in most cases. There are certain signs you need to look out for. They include grammar/spelling mistakes, generic words (User, Member, Customer, etc.) used to address you, and random-looking senders’ email addresses.
One of the most obvious signs of a malicious email is grammar/spelling mistakes in emails that are supposed to be official correspondence from legitimate companies. It’s not clear why malicious emails are so often full of mistakes but they certainly help users identify them. In some cases, phishing/malicious emails may have mistakes in every other word. More sophisticated phishing emails may have fewer of them. For example, the “Your OneDrive Is Inactive And Will Soon Be Deleted” scam email has missing words and awkward phrasing but does not have any overly obvious mistakes.
How an email addresses you can also tell you a lot about whether it’s legitimate or not. Notice how when companies of which you are a customer send you an email, they always address you by your name (more specifically, the name you have given them). Names are inserted automatically into emails because they make emails seem more personal. But since malicious actors usually do not have access to personal information, they use generic words like User, Member, Customer, etc.
One of the easiest things to check is the sender’s email address. In low-effort phishing emails, the senders’ email addresses will be completely obvious, made up of random letters and numbers. You can immediately disregard an email with a random-looking sender’s email address. But even if the address looks legitimate, you should still check whether it actually belongs to whomever the sender claims to be. A simple search with a search engine is still better than nothing.
“Your OneDrive Is Inactive And Will Soon Be Deleted” scam email removal
Unless you interact with it, “Your OneDrive Is Inactive And Will Soon Be Deleted” scam email is not dangerous. If you find it in your inbox, you can just delete it. If you use Microsoft’s services, clicked on the link, and logged in, you must change your Microsoft account password immediately. The password must be unique, and not used to access any other account. If the malicious actors were already able to hijack your account, try the account recovery options and contact Microsoft to see whether support can help recover your account.