This phishing attempt is all about timing. If an attacker sends a million of these, they’ll probably find a few potential victims waiting for somebody to share content. The game is, fool the victim into believing this is the content they’re waiting on, so they open the attachment, and then the attacker will own them.
When this hit my inbox, one of my grandsons was on a week-long summer camp trip and the camp leaders had talked about sharing pictures. I had also talked about sharing pictures at my church. Maybe somebody from one of those groups was trying to share something. So, instead of flushing this email, I opened it. The timing worked.
But this one has two problems. First, Infrasupport has nothing inside OneDrive. Second, and this makes me laugh, if you’re going to fudge in a fake email address, next time, try something your victim might recognize. I don’t know anyone with a .co.uk email address. Do you?
I’ll give this one a C-.
For more phishing samples, see my phish collection.