This email claims that a document has been sent to you via Microsoft’s document storage and sharing platform OneDrive.
The subject line of the email suggests that you need to provide an electronic signature using DocuSign. An included link urges you to click to access your Office365 account and review the supposed document.
However, the email has no connection to Microsoft, OneDrive, Office365, or DocuSign. Instead, it is a phishing scam designed to steal your Microsoft Account login details.
If you click the link in the scam email, you will be taken to a fraudulent website that asks you to sign in to your Microsoft Account by entering your email address and account password. You will then be automatically redirected to a genuine Microsoft login web page.
The scammers can now collect the information that you supplied on the fake site and use it to gain access to your Microsoft Account.
Your Microsoft Account login may provide access to a number of linked services including email, Skype, OneDrive, and Office360.
Thus, once they have gained entry, the scammers can use these services to launch spam and scam campaigns, collect and steal your personal information, and conduct fraudulent transactions and activities in your name.
If you receive one of these bogus emails, do not click any links or open any attachments that it contains.
Phishing scams like this continue to be very common.
An example of the scam email:
This message is for named person(s) only. It may contain confidential and/or legally privileged information. No confidentiality or privilege is waived or lost should mis-transmission occur. If you receive this message in error, delete it (and all copies) and notify sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient.