
OneDrive & SharePoint Phishing  

IT Security has detected an increase in phishing attempts using Microsoft OneDrive. Attackers attempt to steal a victim’s account credentials using a spoofed OneDrive login page. In the attack, the actor crafts a fake OneDrive login page and embeds the URL for this page in a phishing email. When the user enters their credentials in the fraudulent login page, the credentials may be sent to an external site controlled by the attacker, saved in a text file on the same server for later retrieval, or emailed to an attacker-controlled email address. The user is then frequently redirected to the real OneDrive login page. To the victim, it will simply appear that their login failed to process, and they will attempt to log in again.

In a newly observed social engineering tactic, the threat actor, masquerading as a Microsoft employee, may call the victim while they are retrieving their two-factor authentication code and ask to verify it. It is important to note that Microsoft will never call you to verify this code.

If you have received this or a similar email, the Department of Information Technology advises you to do the following:

  • Do not click on links in suspicious emails.
  • Do not reply to or forward suspicious emails.
  • Report phishing emails by clicking the "Report Phishing" button.
  • If you suspect your Seton Hall account is compromised, contact the Technology Service Desk immediately (


For more information, please contact:

  • Technology Service Desk
  • (973) 275-2222