Microsoft OneNote Phishing: New Attack Vector Exploits Users
A new phishing campaign is exploiting Microsoft's OneNote files, bypassing security systems, and targeting users with convincing fake notifications. Cybersecurity experts advise training and enhanced security measures to protect against these attacks.
Phishing messages, disguised as internal OneDrive file-sharing notifications, are evading security systems. These messages trick users into opening malicious links, compromising their accounts. Attackers then create OneNote files in OneDrive, increasing the number of victims.
Malware groups are using free, AI-powered website builders like Flazio to create phishing sites. Low-code and no-code platforms, such as ClickFunnels and JotForm, are also employed to capture user information through online forms. Notably, Google Sites is exploited to create convincing fake authentication sites, leveraging Google's infrastructure and services like DKIM signatures and OAuth.
To combat these threats, Varonis recommends setting up alerts for unusually high file-sharing messages and enabling multi-factor authentication (MFA) on individual accounts. Cybersecurity and data hygiene training is advised to protect against these types of attacks.
Phishing campaigns are evolving, with Microsoft OneNote files now used as a new attack vector. Low-code platforms enable quick, personalized campaigns. To stay safe, users should be vigilant, and organizations should implement robust security measures, including training, alerts, and MFA.
