Keep an eye out for fraudulent emails claiming that someone has shared a document with you. Sender names and other details may vary but here’s a screenshot of a typical example:
If you click on the document link, you will be taken to a phishing website that tries to nab your email account login credentials. The site features the OneDrive logo, although it has no connection to Microsoft. It claims that to read the promised document, you must choose your email service provider from a list:
After you choose your provider and “log in”, you will be automatically redirected to the provider’s home page.
Criminals can now harvest the information you entered on the fake login form and use it to hijack your email account. They can then use the account to send spam, scam, and malware emails with your name on them. If they can access the account’s linked services as well, they can make app store purchases, steal your stored files, and gather more of your personal information.
They can pretend to be you online and perhaps even steal your identity. They may also be able to hijack other online accounts you own by clicking the forgot password option, which often uses a password change email sent to your account.