OneDrive, Fidelity Investment, and MORE – 3 Phishing Scams to Watch Out For
Author: Trend Micro
This article is from Trend Micro.
If you’re a regular reader of this blog, you’ll know that we post a lot about phishing scams. And there are good reasons for this: they’re everywhere, a lot of people fall for them, and they can be potentially devastating.
This week we’ve observed three phishing scams that have been spreading all over the US. Keep on reading to learn about them, as well as how to avoid them.
OneDrive Phishing Scam
Scammers have been impersonating Microsoft’s popular cloud storage service, OneDrive. They’ve been sending out bogus emails to people informing them that there is an “urgent security update”.
Although the content of the email is somewhat confusing — it seems the scammers may have got OneDrive mixed up with Microsoft’s email service, Outlook — the message’s goal is to get people to click on the blue “Log In” button.
Once clicked on, the button leads to a malware-infected website.
If a victim were to click on the red button, malware would be downloaded onto their computer.
Malware will commonly be designed to steal personal data and passwords, delete files, and render computers inoperable, among other malicious things.
Fidelity Phishing Scam
Fidelity Investments, commonly known as Fidelity, is a financial services company based out of Boston. Scammers have been impersonating this company to try to steal people’s personal and financial information.
The malicious email above, which they’ve been sending to massive amounts of potential victims, claims there is a new security upgrade and all Fidelity customers need to re-validate their account information. Of course, this is complete nonsense.
All the scammers want is for victims to click on the “Validate Your Account” link. If they do so, they’ll be taken to a phishing website. Any and all personal and financial information entered onto the site will be sent directly to the scammers, which they could then use to commit any number of other crimes.
Fake Warning Phishing Scam
Rather than impersonating a specific company, in this scam, the scammers have taken a more generic approach.
Via text message, potential victims are told that their user account is in danger of being closed. It’s not true of course, the scammers just want them to click on the link embedded in the message. Two examples of these malicious messages are below.
- (39778) we are closing user accounts with malicious website activity. {URL} goto the link provided by end of day to scan your devic
- (96348) We are currenty terminating User accounts with malicious website activity. {URL} Goto the link provided by Aug7th to secure your device.. 1229
If clicked on, the link will take victims to the malicious website in the screenshot below.
The victims are led to believe that their device is infected with malware. They’re instructed to click on the “Fix now!” button. However, all information on this page is a complete lie, and if they click on the button, instead of fixing their device, it will in fact infect it with malware.
How to Protect Yourself
- Be highly suspicious of unsolicited messages, even if they seem to be from well-known companies.
- Exercise caution when clicking on links.
- Use Trend Micro Check to detect scams with ease — for FREE!
Trend Micro Check — our 100% FREE browser extension and mobile app — can protect you against scams, malicious websites, dangerous emails, and lots more! If you come across something dangerous online, you’ll be alerted in real time so you’ll know to stay well clear.
As ever, if you’ve found this article an interesting and/or helpful read, please do SHARE it with friends and family to help keep the online community secure and protected.
Source: pexels.com
Report a Scam!
Have you fallen for a hoax, bought a fake product? Report the site and warn others!
Scam Categories
Help & Info
Top Safety Picks
Your Go-To Tools for Online SafetyDisclaimer: Some of the links here are affiliate links. If you click them and make a purchase, we may earn a commission at no extra cost to you.
- ScamAdviser App - iOS : Your personal scam detector, on the go! Check website safety, report scams, and get instant alerts. Available on iOS
- ScamAdviser App - Android : Your personal scam detector, on the go! Check website safety, report scams, and get instant alerts. Available on Android.
- NordVPN : NordVPN keeps your connection private and secure whether you are at home, traveling, or streaming from another country. It protects your data, blocks unwanted ads and trackers, and helps you access your paid subscriptions anywhere. Try it Today!
- Incogni : Incogni automatically removes your personal data from data brokers that trade in personal information online, helping reduce scam and identity theft risks without the hassle of manual opt-outs. Reclaim your privacy now!
Popular Stories
As the influence of the internet rises, so does the prevalence of online scams. There are fraudsters making all kinds of claims to trap victims online - from fake investment opportunities to online stores - and the internet allows them to operate from any part of the world with anonymity. The ability to spot online scams is an important skill to have as the virtual world is increasingly becoming a part of every facet of our lives. The below tips will help you identify the signs which can indicate that a website could be a scam. Common Sense: Too Good To Be True When looking for goods online, a great deal can be very enticing. A Gucci bag or a new iPhone for half the price? Who wouldn’t want to grab such a deal? Scammers know this too and try to take advantage of the fact. If an online deal looks too good to be true, think twice and double-check things. The easiest way to do this is to simply check out the same product at competing websites (that you trust). If the difference in prices is huge, it might be better to double-check the rest of the website. Check Out the Social Media Links Social media is a core part of ecommerce businesses these days and consumers often expect online shops to have a social media presence. Scammers know this and often insert logos of social media sites on their websites. Scratching beneath the surface often reveals this fu
How do I recover my crypto after it’s stolen? What happens if your crypto wallet is compromised? Can stolen crypto be traced, and can police actually recover crypto in 2026? These are the questions most people ask within minutes of realizing their wallet has been drained. Crypto theft is fast, quiet, and unforgiving. By the time most victims notice something is wrong, the funds are already moving across the blockchain. Once seen as a problem for exchanges and whales, crypto theft now heavily affects everyday investors. Phishing links, fake support chats, wallet approval scams, SIM swaps, and malware attacks have become common. Knowing what recovery realistically looks like—and what it doesn’t—can prevent panic, bad decisions, and costly follow-up scams. In a Nutshell Crypto recovery is possible, but only in limited situations Blockchain transactions are irreversible, but stolen crypto can still be traced Speed and documentation matter more than optimism Police and exchanges play a bigger role than private recovery services Guaranteed recovery offers are almost always scams Is it Actually Possible to Recover Stolen Crypto? Yes, crypto recovery is possible, but only under specific conditions and rarely through direct action by the victim. Blockchain transactions are final by design. Once crypto is sent and confirmed, it cannot be reversed. There is no central authority, no chargeback process, and no technical “undo” button, even if the transaction was clearly fraudulent. This is where many people ask whether stolen crypto can be traced. In most cases, it can. Every transaction