5

Today I received an email claiming that my OneDrive account is going to be deleted as it has been unused for the past two years. This is probably true.

The email urges me to visit OneDrive to reactivate my account before a date roughly 3 months from now so I may keep my account. Seems reasonable.

What gives me pause:

  • The email does not use my (fake) name associated with the account, or any name at all.
  • The links go to onedrive.com, whereas onedrive is typically accessed from onedrive.live.com
  • The only place I can find that says the above site is correct is wikipedia
  • The whois information isn't overly helpful (to my untrained eye), but is quite different from the live.com whois information
  • Email is from email@mail.onedrive.com, seems within reason, but a little odd
  • 3 of the 4 links in the email go to the same page, just with a different UUID attached to the end

Reasons why I'm not so sure:

  • Microsoft has sent me legit emails from other domains before. Clearly not understanding the phishing risk this causes for their users.
  • Microsoft hasn't picked it up as a scam/junk (not many get through)
  • Thunderbird hasn't marked it either (normally gives me tons of false positives)
  • It is a domain one would expect Microsoft to have snapped up

Easy solution:

  • Go to the legit website and log in, if it's a scam then no harm, if it's not then problem solved.

Unfortunately, I'm the tech geek for quite a few family members that don't understand online scams so well. If it is indeed a scam, I need to let them know so they can recognize it.

Can someone who is a little more sleuthy figure this one out for me and my naive relatives?

dan
  • 3,033
  • 14
  • 34
Kelly Bang
  • 179
  • 1
  • 1
  • 7
  • First intuition tells me it is legit, especially since the links point towards a legitimate site. – Kevin Mar 09 '18 at 11:54
  • 2
    @KevinVoorn Intuition is not always reliable. A link to a legitimate site may actually be an IDN homograph attack. Not that I'm saying that's what OP is experiencing. – forest Mar 09 '18 at 11:55
  • That is true, hence I didn't answer the question yet without more research. – Kevin Mar 09 '18 at 11:55
  • What do you mean by "Microsoft hasn't picked it up as a scam/junk (not many get through)"? – dan Mar 09 '18 at 13:26
  • 2
    Get the email source and edit it into your question; make sure to remove sensitive information. That makes this question have more value for others. –  Mar 09 '18 at 14:46
  • 1
    I received this e-mail too. From what I can tell it may be both legit and a phishing scam. When I contacted the real Microsoft company, they said the e-mail I got was fake, and not to click on any links. However, when I logged into my account I did have a notice that my account had been frozen and I had to follow certain steps to unfreeze it. So, I'm not sure if this indicates that the phishing scammers are using real information to convince people to click on fake links, and ultimately provide real information to phishing scammers. These scammers are getting more sophisticated, and we all nee – TMS Cole May 24 '18 at 17:43

1 Answers1

3

Yes it appears the email IS legit. On logging into the account through onedrive.live.com, there was a notice waiting for me letting me know that my account had been frozen and that it was due for deletion on the same date as the fishy email. Thanks a lot Microsoft.

Kelly Bang
  • 179
  • 1
  • 1
  • 7