Phishing is a constant threat for organisations and individuals alike. The scam, which involves sending emails that masquerade as coming from legitimate organisations in order to fraudulently obtain sensitive information, targets hundreds of millions of organisations and people daily.
Microsoft OneNote users are the latest target of a phishing scam. An email entitled “New Audio Note Received” is purportedly sent from a contact in the user’s address book.
Once “Listen to full message here” is clicked, the user is redirected to a Microsoft SharePoint–hosted website that is identical to OneNote Online. The user is then prompted to click another link to listen to the audio note.
If clicked, the user is redirected to an exact replica of the Microsoft homepage, where they are asked to enter their username and password to verify their identity. If the user fails to spot the scam, enters their information and signs in, they hand the criminal hackers the information they set out to obtain.
How to spot the scam
Subtle differences can be found between a legitimate Microsoft page and the criminal hackers’ page. The design may look identical to the original, and the page uses legitimate Microsoft certificates, but the URL does not include the signature microsoft.com or onedrive.com addresses.
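The URL check described above can be automated, for instance in a mail gateway or a link-triage script. The following is an added example, not part of the original article: it accepts a sign-in URL only when its host is one of the two domains the article names or a true subdomain of them. The function name, the rejection reasons and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Domains the article names as legitimate. Assumption: an organisation
# would extend this set with the other sign-in hosts it actually uses.
TRUSTED_DOMAINS = frozenset({"microsoft.com", "onedrive.com"})


def check_signin_url(url, trusted=TRUSTED_DOMAINS):
    """Return (ok, reason) for a URL that asks the user for credentials."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https"
    if parts.username is not None or parts.password is not None:
        # Text before '@' is userinfo, not the host the browser contacts.
        return False, "userinfo before host"
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "no host"
    if not host.isascii() or "xn--" in host:
        return False, "internationalised host, possible look-alike"
    for domain in sorted(trusted):
        # Whole domain or a true subdomain; a substring match is not enough.
        if host == domain or host.endswith("." + domain):
            return True, "host is under " + domain
    return False, "host is not under a trusted domain"


# Constructed sample URLs (not taken from the reported campaign).
SAMPLES = [
    "https://login.microsoft.com/signin",
    "https://example-tenant.sharepoint.com/sites/notes/audio.aspx",
    "https://microsoft.com.signin.example.net/",
    "https://microsoft.com@phish.example/login",
    "https://notmicrosoft.com/",
    "http://microsoft.com/",
]

if __name__ == "__main__":
    for u in SAMPLES:
        ok, reason = check_signin_url(u)
        print("OK     " if ok else "SUSPECT", u, "-", reason)
```

A valid certificate plays no part in the decision, because, as the article notes, the fake page was served with legitimate Microsoft certificates; only the host name separates it from the real sign-in page.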
Prevent phishing attacks in your organisation
The hard part is remembering these and other clues so that you can spot a suspicious email before it’s too late.
Organisations that want to help their employees should consider our Phishing and Ransomware – Human patch e-learning course.
This online training course is the perfect introduction to phishing, providing a crash course in email-based threats. In just a few minutes, you and your staff will understand what phishing is, how it works and what to look for.