Latest phishing scam targets Microsoft OneNote users

Phishing is a constant threat for organisations and individuals alike. The scam, which involves sending emails that masquerade as legitimate organisations to fraudulently obtain sensitive information, targets hundreds of millions of organisations and people daily.  

Microsoft OneNote users are the latest target of a phishing scam. An email entitled “New Audio Note Received” is purportedly sent from a contact in the user's address book.

 

Image of phishing scam email Source: Bleeping Computer


 

Once “Listen to full message here” is clicked, the user is redirected to a Microsoft SharePoint-hosted website that is identical to OneNote Online. The user is then prompted to click another link to listen to the audio note.

If clicked, the user is redirected to an exact replica of the Microsoft homepage, where they are asked to enter their username and password to verify their identity. If the user fails to spot the scam, enters their information and signs in, they give the criminal hackers the information they set out to extort. 

 

Replica Microsoft homepage created by criminal hackers. Source: Bleeping Computer


 

How to spot the scam

Subtle differences can be found between a legitimate Microsoft page and the criminal hackers' page. The design may look identical to the original, and the page uses legitimate Microsoft certificates, but the URL does not include the signature microsoft.com or onedrive.com addresses.
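The URL check described above can be automated, for example in a mail gateway or browser helper. The following is an added example, not code from the original article: the allowlist holds only the two domains the article names, the HTTPS requirement is an assumption, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Allowlist built from the two domains the article names (an assumption for
# this example; a real deployment lists every sign-in domain it trusts).
TRUSTED_DOMAINS = ("microsoft.com", "onedrive.com")


def sign_in_host(url):
    """Return the host a browser would actually connect to, or None."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # drops any "user@" prefix and the port
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return None
    if parts.scheme != "https" or not host:
        return None  # assumption: a sign-in page must be served over HTTPS
    return host.rstrip(".").lower()


def is_trusted_sign_in_url(url):
    """True only if the host is a trusted domain or a subdomain of one."""
    host = sign_in_host(url)
    if host is None:
        return False
    try:
        host.encode("ascii")  # reject look-alike Unicode letters in the host
    except UnicodeEncodeError:
        return False
    # Compare on a label boundary: "notmicrosoft.com" and
    # "microsoft.com.example.net" must not match "microsoft.com".
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


# Constructed sample URLs (reserved example domains, not from the campaign).
SAMPLES = [
    "https://login.microsoft.com/common/oauth2",
    "https://www.onedrive.com/about",
    "https://microsoft.com.example.net/login",    # trusted name as a subdomain
    "https://microsoft.com@example.net/login",    # trusted name as userinfo
    "https://example.net/microsoft.com/sign-in",  # trusted name in the path
]

if __name__ == "__main__":
    for sample in SAMPLES:
        verdict = "ok" if is_trusted_sign_in_url(sample) else "SUSPICIOUS"
        print(f"{verdict:10} {sample}")
```

A substring test such as `"microsoft.com" in url` would accept the last three samples, which is why the comparison is made on the parsed hostname.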


 

Prevent phishing attacks in your organisation

The hard part is remembering these and other clues so that you can spot a suspicious email before it’s too late.  

Organisations that want to help their employees should consider our Phishing and Ransomware – Human patch e-learning course.

This online training course is the perfect introduction to phishing, providing a crash course in email-based threats. In just a few minutes, you and your staff will understand what phishing is, how it works and what to look for. 

