A new phishing campaign is targeting unsuspecting users with emails posing as Microsoft OneDrive notifications. The message claims a document—enticingly titled “Salary Bonus for June…pdf”—has been shared with the recipient. It urges the reader to click a link labeled “View on OneDrive.” Once clicked, the victim is directed to a convincing Microsoft login page. But it’s a trap.
A recent case involved a finance professional who clicked the link during a busy morning. Seconds later, she unknowingly handed over her Microsoft credentials. Within hours, her account was used to send similar phishing emails to colleagues and clients, spreading the scam further.
Threat Overview
This is a credential-harvesting scam engineered through email spoofing and social engineering. It doesn’t infect your device with malware. Instead, it preys on trust and familiarity—specifically, the global recognition of Microsoft and its OneDrive service.
Key Details Table
Field | Details |
---|---|
Threat Type | Phishing / Social Engineering |
Fake Document Name | Salary Bonus for June…pdf |
Disguised As | Microsoft OneDrive document sharing notification |
Detection Names | Often flagged generically as “Phishing:HTML/Phish.Credentials” |
Symptoms | Email with a fake OneDrive link; redirected to a false Microsoft login |
Damage | Account compromise, identity theft, internal spread of phishing scams |
Distribution Methods | Bulk phishing emails, harvested email lists, spoofed sender addresses |
Severity | High |
Removal Tool | SpyHunter (recommended) |
In-Depth Analysis
Infection Vector
The attack begins with an email. No malicious attachment, no exploit payload—just social engineering at its finest. Subject lines typically read “Salary Payment For June” or variations meant to arouse curiosity or urgency. The email body mirrors Microsoft branding, featuring OneDrive logos and language resembling official notifications.
Recipients are invited to click on a link labeled “View on OneDrive.” Behind this link is a cleverly disguised phishing domain—a counterfeit Microsoft login page. The domain name might include typos or obscure subdomains to evade suspicion, such as onedrive-doc-view-login.azurewebsites.net.
Behavioral Profile
Once on the fake login page, the user is prompted to enter their Microsoft credentials. Upon submission, the credentials are immediately exfiltrated to a command-and-control server controlled by the threat actor.
From there, the attacker may:
- Access the user’s Microsoft services (Outlook, Teams, SharePoint, etc.)
- Read and forward emails to escalate the scam
- Exfiltrate sensitive files stored in OneDrive
- Use the compromised identity to phish other users
In enterprise environments, this can lead to lateral phishing, credential stuffing, or even business email compromise (BEC) attacks.
Risk Assessment
The threat is severe. Unlike ransomware, there’s no noisy encryption event—no visible impact until it’s too late. These attacks are silent, scalable, and often go undetected until users report unauthorized activity. Past incidents have seen corporate finance departments tricked into wire fraud through fake invoice approvals initiated from compromised accounts.
Attackers using similar OneDrive phishing lures were behind several high-profile breaches in 2023 and 2024, leveraging the stolen credentials to access M365 admin portals and distribute further malware via Teams.
Phishing Email Example
Subject: Salary Payment For June
OneDrive
Hello –
You have a new document on OneDrive.
Salary Bonus for June..pdf
View on OneDrive
Free online storage for your files. Check it out.
Microsoft respects your privacy. For more information, read our Privacy Statement.
Microsoft Corporation, One Microsoft Way, Redmond, WA, 98052
The link embedded in “View on OneDrive” leads not to Microsoft, but to a phishing domain designed to look identical.
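The mismatch between a link's label and its real destination can be checked mechanically. The following is an added example, not part of the original article or of any vendor tool: it extracts every anchor from an HTML email body and flags links that invoke the Microsoft brand in their text or hostname but do not resolve to a trusted host. The allow-list, the function names and the sample body are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Illustrative allow-list (assumption, not exhaustive): domains that genuinely
# serve OneDrive sharing or Microsoft sign-in. Shared hosting suffixes such as
# azurewebsites.net are deliberately absent: anyone can rent a subdomain there.
TRUSTED_SUFFIXES = ("microsoft.com", "microsoftonline.com", "live.com",
                    "office.com", "sharepoint.com", "1drv.ms")
BRAND_WORDS = ("onedrive", "microsoft", "office 365", "sharepoint")

class AnchorCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def is_trusted_host(host):
    """True only for an exact match or a true subdomain of a trusted suffix."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def brand_mismatches(html_body):
    """Return (text, host) for links that use the brand but point elsewhere."""
    parser = AnchorCollector()
    parser.feed(html_body)
    findings = []
    for text, href in parser.links:
        host = urlsplit(href).hostname or ""
        branded = any(w in text.lower() or w in host for w in BRAND_WORDS)
        if branded and not is_trusted_host(host):
            findings.append((text, host))
    return findings

# Constructed sample modelled on the email shown above.
SAMPLE = ('<p>You have a new document on OneDrive.</p>'
          '<a href="https://onedrive-doc-view-login.azurewebsites.net/">View on OneDrive</a>'
          '<a href="https://privacy.microsoft.com/">Privacy Statement</a>')
```

Run against the sample, `brand_mismatches(SAMPLE)` reports only the “View on OneDrive” link, because its host sits on a shared hosting suffix rather than on a Microsoft sign-in or OneDrive domain.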
Manual Removal Guide: How to Identify and Remove Email Scams Yourself
Step 1: Recognizing Scam Emails
Before taking action, learn to identify email scams. Some common red flags include:
- Unknown Sender: Emails from unfamiliar addresses, especially if they claim to be from banks, tech support, or government agencies.
- Urgent or Threatening Language: Messages pressuring you to act quickly (e.g., “Your account will be suspended!”).
- Poor Grammar & Spelling Mistakes: Many scam emails contain grammatical errors.
- Suspicious Links or Attachments: Hover over links to check if they lead to an unusual website before clicking.
- Requests for Personal or Financial Information: Legitimate companies will never ask for sensitive details via email.
Step 2: Avoid Interacting with Scam Emails
If an email appears suspicious:
- Do NOT click on any links.
- Do NOT download attachments.
- Do NOT reply to the sender.
Step 3: Report the Email Scam
Reporting scam emails helps prevent others from falling victim to them:
- Gmail/Outlook/Yahoo Users: Click “Report Phishing” or “Report Spam” in your email client.
- FTC (U.S. users): Report scams to the FTC Complaint Assistant.
- Google Safe Browsing: Report phishing sites at Google’s Phishing Report.
Step 4: Block the Sender
To prevent further scam emails from the same sender:
- Gmail: Open the email, click the three dots, and select “Block [Sender Name]”.
- Outlook: Open the email, select “Junk” > “Block Sender”.
- Yahoo Mail: Click “More” > “Block Sender”.
Step 5: Check Your Accounts for Compromise
If you’ve interacted with a scam email:
- Change your passwords immediately, using strong, unique passwords.
- Enable two-factor authentication (2FA), which adds an extra security layer.
- Monitor your banking transactions for suspicious activity.
Step 6: Scan Your Device for Malware
If you accidentally clicked a link or downloaded a file, scan your system for malware:
- Windows Users (Windows Defender)
  - Go to Settings > Update & Security > Windows Security > Virus & Threat Protection.
  - Click “Quick Scan” or “Full Scan”.
- Mac Users
  - Use security software like Malwarebytes for Mac to scan for threats.
Step 7: Strengthen Email Security
- Enable spam filtering in your email provider’s settings.
- Use a third-party spam filter such as Spamihilator or Mailwasher.
- Stay educated on phishing techniques to avoid falling for scams in the future.
SpyHunter Removal Guide: Automated Solution for Email Scam Threats
SpyHunter is a powerful anti-malware tool designed to detect and remove phishing-related threats, Trojans, spyware, and other cyber threats. If you prefer a quick and automated solution, follow these steps:
Step 1: Download SpyHunter
- Visit the official SpyHunter download page.
- Click “Download” and save the file.
Step 2: Install SpyHunter
- Open the downloaded file (SpyHunter-Installer.exe).
- Follow the on-screen installation instructions.
- Once installed, launch SpyHunter.
Step 3: Perform a Full System Scan
- Open SpyHunter and go to “Malware/PC Scan”.
- Click “Start Scan Now” to begin scanning.
- SpyHunter will detect threats linked to email scams.
Step 4: Review and Remove Detected Threats
- After the scan completes, SpyHunter will display a list of detected threats.
- Click "Fix Threats" to remove them.
- Restart your computer after removal.
Step 5: Enable Real-Time Protection
- Activate SpyHunter’s Active Guards for real-time malware protection.
- Schedule regular system scans for ongoing security.
Step 6: Keep SpyHunter Updated
- Regularly update SpyHunter to detect new threats.
- To update, go to "Settings" > "Update" and click "Check for Updates".
How to Prevent Future Email Scams
To avoid falling for email scams in the future, follow these precautions:
Use a Secure Email Provider
Consider using encrypted email services like ProtonMail or Tutanota for enhanced security.
Avoid Clicking Suspicious Links
Always verify links before clicking by hovering over them to see the actual URL.
Use a VPN on Public Wi-Fi
Scammers can intercept your data on public networks. Use a VPN for secure browsing.
Regularly Change Your Passwords
Use a password manager to generate and store secure passwords.
Install Anti-Phishing Browser Extensions
Use security extensions like Bitdefender TrafficLight or Avast Online Security to detect phishing attempts.
Email scams pose a significant risk to personal and financial security. By following this manual removal guide, you can effectively identify and remove scam emails. For those seeking a fast and automated approach, SpyHunter provides a reliable solution to detect and remove email scam-related threats.
Conclusion
This phishing scam exemplifies the growing sophistication of credential-harvesting campaigns. Users trust Microsoft branding and are more likely to click on familiar service notifications. That trust is being weaponized.
Early detection and rapid response are critical. Train users to inspect email links before clicking. Enforce multi-factor authentication (MFA) across all accounts. And when in doubt, report the message before opening it. Cybersecurity starts with skepticism—especially when the message promises a bonus.