Email Phishing Scam Alert: ‘Document Share Portal’ from Microsoft

OneDrive users should be aware of the so-called Document Share Portal email scam. As strange as it might sound, the cybercriminals behind it seek to hijack users’ Gmail accounts so that they could use them to scam other users or collect valuable information. Cybersecurity specialists say that victims targeted by this Microsoft scam receive email messages saying that someone has shared a file with them, and they can see it only by clicking the provided button. Users who click the scam link should be asked to insert sensitive information and if they do, their Gmail and all services related to the email account might get compromised. If you want to know more about this Microsoft scam, we encourage you to read our full blog post. If you have any questions afterward, feel free to leave us a message in the comments area below.

How does the Document Share Portal email scam work?

OneDrive is a popular Microsoft service that allows you to store and access your data from any device as well as share files with other people. It is one of the many services that Office 365 users can enjoy. However, specialists advise being cautious while using such services. According to, Office 365 is used by over a million companies worldwide. Such a huge base of users and variety of tools lures scammers. In other words, this is not the first Microsoft scam as hackers often send users phishing messages that appear to be from various Microsoft services. Thus, if you are using Office 365 or other Microsoft products, it is important that you know how Microsoft scams work and how to recognize them.

The Document Share Portal email message should say that a document has been shared via the Microsoft document share portal. Nonetheless, instead of allowing to view it, the scam email should ask the receiver to prove that he owns the email account to which the phishing email was sent. To do this, the user should be asked to click a button called Access Document, which ought to take him to a fake login website that asks for Gmail login name and password. Naturally, if a user provides these details, they get recorded, and scammers might use them to hijack his account and other services that could be linked to his Gmail, such as Google Drive, Google Docs, etc. However, your email account can provide not only valuable information and access to linked services but also an opportunity to scam your colleagues, clients, friends, or family members. Thus, make sure you warn your contacts if your account gets hijacked.

Always remember that no business or institution would ever ask you to reveal such sensitive information like your login credentials. Therefore, no matter how legit the message might appear, keep in mind that something is wrong with it if you are asked for information that only you are supposed to know.

What to do if you fell a victim to the Document Share Portal email scam?

If you clicked the scam link and entered your Gmail account’s login credentials, you must take immediate action. If scammers have not changed your password yet, you might be able to log into your account and change it to stop cybercriminals from accessing it. We recommend using a combination that would be completely different from your last Gmail password. Of course, the new password should be not only unique but also strong. What does it mean? It means that your new passcode should be made from at least 10-12 characters and should contain not only lower-case and upper-case letters but also numbers and symbols. If you do not think you can come up with a strong combination that you would not forget, we advise employing a tool like Cyclonis Password Manager. Cyclonis can generate strong passwords as well as store them in an encrypted vault so you would not have to memorize your login credentials.

What to do if scammers have changed your Gmail password and you no longer have access to your account? If this happens, we advise using the Gmail account recovery page. Plus, Google recommends using these tips to make the recovery process easier.

How to recognize Microsoft scam emails?

Imagine you receive a message with Microsoft logo images that comes from an address that contains the word Microsoft and urges you to click a link. Do you assume that it comes from Microsoft and click it without thinking twice? The answer is no. You should never click links or open files just because they seem to be coming from reputable sources. First, you must make sure that it is truly the case. Microsoft products are used worldwide, so cybercriminals can easily get the company’s logo images as well as samples of messages the company sends to its clients. Thus, creating a message that would look like it is coming from Microsoft is easier than you might think. Another thing that makes the task easier is that some users are unaware of phishing emails.

Moreover, a word Microsoft in an email address does not mean that it belongs to the company. Also, you should pay attention to how it is written. Some scammers come up with email addresses that look very similar to the email addresses that are being used by Microsoft by replacing letters with numbers or different letters. For example, they may change the letter o with a zero in the word Microsoft. Cybercriminals can replace letters in URL addresses too to make them seem as legit as possible. Thus, if you receive a link, you should inspect it closely.

Our last advice is to read the received message carefully. Messages from scammers often contain various grammar and spelling mistakes that a company like Microsoft would never allow to appear in their emails. Also, pay attention to the tone of the letter. Can you feel a sense of urgency? Scammers often try to convince users that they must take immediate action or else something bad will happen, for example, the messages of the discussed Microsoft scam say that the shared documents will expire in 48 hours.

All in all, recognizing Microsoft scams is not an easy thing to do. Especially, if you do not know a lot about scams targeted at Microsoft users or scams in general. Thus, if you are using Office 365 or other popular products, we advise investing a bit of your time to learn about phishing attacks related to them. To learn more about scams targeted at Office 365 users, continue reading here.

By Foley
December 10, 2020
December 10, 2020

Leave a Reply