What is the “Your OneDrive Is Inactive And Will Soon Be Deleted” email scam

The “Your OneDrive Is Inactive And Will Soon Be Deleted” email scam is a phishing campaign that aims to steal users’ OneDrive login credentials. The email claims that your OneDrive business account is about to be deleted because you have not used it for 6 months. Supposedly, you can unfreeze your account if you sign in to OneDrive. But instead of the legitimate OneDrive login page, the link in this email leads to a fake version of the site, where any login credentials you enter are captured by the scammers. It goes without saying that Microsoft has nothing to do with this phishing attempt.


Your OneDrive Is Inactive And Will Soon Be Deleted scam email


“Your business account has been unused for 6 months and is currently frozen”, is what this phishing email claims. Supposedly, your OneDrive files will be deleted on a certain date if you do not log in and reactivate your account. The email contains a link that supposedly reactivates your account. If you were to click on it, you would be taken to a fake OneDrive login site. If you were to type in your Microsoft login credentials, they would end up in the hands of the cybercriminals operating this phishing campaign. The credentials would later be sold to other cybercriminals and/or used to hijack your Microsoft account.

Sophisticated phishing websites are made to resemble legitimate ones very closely, so it can sometimes be difficult to tell if you’re on a phishing site or not. However, no matter how legitimate a site may look, its URL will never be the same as the legitimate site’s URL. It can be made to resemble the legitimate URL but it will never look completely identical. So anytime you’re asked to log in, always check the URL.

You can check where a link/button will take you by hovering over it with your mouse. The destination address will appear at the bottom, and if it looks even remotely suspicious, do not click on it. You can also check the link with a service like VirusTotal. If any security programs detect the site as malicious/phishing, VirusTotal would show it. But we also recommend not clicking on links in emails in general. If an email asks you to click on a link to fix or check something in your account, access the account manually instead of clicking on the link.
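The link check described above can also be done without opening the message in a mail client. The following is an added example, not part of the original article: it extracts every link from an HTML email body and flags those whose real destination is not an expected sign-in host or whose visible text names a different host. The `EXPECTED_HOSTS` list and the sample body are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: sign-in hosts you expect to see; adjust to your own environment.
EXPECTED_HOSTS = {"login.microsoftonline.com", "login.live.com", "onedrive.live.com"}

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html_body):
    """Return (href, host, reasons) for each link that fails a check."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        parts = urlsplit(href)
        host = (parts.hostname or "").lower()
        reasons = []
        if parts.scheme != "https":
            reasons.append("not https")
        if host not in EXPECTED_HOSTS:
            reasons.append("unexpected host")
        # Link text that looks like a URL but names a different host than the href.
        if text and " " not in text and "." in text:
            shown = urlsplit(text if "://" in text else "//" + text).hostname
            if shown and shown.lower() != host:
                reasons.append("text shows " + shown.lower())
        if reasons:
            findings.append((href, host, reasons))
    return findings

# Constructed sample body (not the real scam email); .example hosts are placeholders.
SAMPLE = """<p>Your business account has been unused for 6 months.</p>
<a href="https://onedrive-reactivate.example/login">https://onedrive.live.com/</a>
<a href="http://login.microsoftonline.com.account-check.example/signin">Sign in</a>
<a href="https://login.microsoftonline.com/">Microsoft sign-in</a>"""
if __name__ == "__main__":
    print(*check_links(SAMPLE), sep="\n")
```

The second sample link shows why the whole hostname has to be compared: a legitimate name at the start of a longer hostname still points to a different site.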

How to identify phishing emails

  • Check the sender’s email address.

The sender’s email address is one of the first things you should check when you receive an unsolicited email. In some cases, the email addresses will look completely random. If the sender’s address is made up of random letters and numbers, you can be completely sure that the email is malicious. However, even when an email address appears legitimate, you still need to investigate it. At the very least, use a search engine to see whether it actually belongs to whoever the sender claims to be.

  • Look for grammar/spelling mistakes.

For some reason, malicious and phishing emails often have very noticeable grammar/spelling mistakes. In particularly low-effort phishing emails, most words have mistakes in them. This “Your OneDrive Is Inactive And Will Soon Be Deleted” email scam appears to have more effort put into it. But you can still spot mistakes. For example, take the sentence “Your files are still there, but your OneDrive and all files saved to that account will be deleted on or after … unless sign in to OneDrive to reactivate it”. You will never see such an awkward-sounding sentence in a legitimate Microsoft email. Whenever you receive an email that asks you to click on a link or open an attachment, always carefully check the email for mistakes.

  • Take note of how you are addressed.

You may have noticed that companies whose services you use always address you by name in emails. This is a standard practice because it makes the email seem more personal. However, in many cases, malicious/phishing emails use generic words like User, Member, Customer, etc., to address users. Or they may not even have a line addressing you, as is the case with this “Your OneDrive Is Inactive And Will Soon Be Deleted” email scam. Whenever you see a generic greeting in an email whose sender should know your name, it’s likely malicious/phishing.

“Your OneDrive Is Inactive And Will Soon Be Deleted” email scam removal

You can simply delete the “Your OneDrive Is Inactive And Will Soon Be Deleted” scam email from your inbox if you get it. If you did not interact with the email in any way, you don’t need to do anything. However, if you now realize that you clicked on the link in the email and typed in your Microsoft credentials, you need to change your password immediately. Make sure the password is complex and unique. Remember, passwords should never be reused. You should also enable two-factor authentication (2FA). If you cannot access your account, try the recovery options and/or contact Microsoft’s support to see whether it’s possible to do something. In the future, be very careful with emails that have links/attachments, and carefully check them for phishing/malicious signs before engaging.