Home Hacking News OneNote Audio Note Phishing Scam Looks For Victims Microsoft Account Credentials
Hacking NewsLatest Cyber Security News | Network Security HackingNews

OneNote Audio Note Phishing Scam Looks For Victims Microsoft Account Credentials

by Abeerah Hashim
written by Abeerah Hashim

One more phishing scam has made it to the news due to another innovative trick. This time, the scammers strive to fool users by exploiting audio notes. This OneNote Audio Note phishing campaign seemingly aims at stealing your Microsoft accounts’ credentials.

OneNote Audio Note Phishing Scam

Reportedly, BleepingComputer has caught up with a phishing scam that seemingly preys on Microsoft users. As stated in a recent blog post, the scammers now run a OneNote Audio Note phishing campaign to trick users.

This phishing attack begins by sending email messages to the users, telling them they have received an audio note from someone in their address book. The email subject line reads “New Audio Note Received”. Yet, to listen to this audio note, the user is supposedly required to click on an embedded link.

To further make the email look ‘safe’, the email content also contains a prominent footer mentioning its antivirus scan status.

OneNote audio note phishing

Source: BleepingComputer

Upon clicking the link, the user then sees a SharePoint hosted website that mocks OneNote Online. This webpage also requires the visitor to click on a link to supposedly listen to the audio note.

Source: BleepingComputer

This webpage then redirects to another web page that resembles the genuine Microsoft account login page. This page requires the users to enter the Microsoft account credentials to proceed. The design of this page has a lot of similarity to the genuine Microsoft website. Nonetheless, a smart user can detect its fraudulence by a quick look at the URL.

Source: BleepingComputer

An unlucky user may well  fall prey to this scam and enter the account credentials, regardless of whether the users are smart enough or not, the scammers seem vigilant to add genuineness to their scam. They have arranged legitimate Microsoft certificates for the scam web pages hosted on SharePoint.com.

Things Becoming ‘Phishy’…

Over the past few days, we have seen many different types of phishing campaigns coming up. From Google Calendar to encrypted messaging to QR codes, the scammers are trying every possible strategy to trick users. Hence, it has become inevitable that users must stay wary of such scams not only at an individual level but at the organizational level as well, it would seem there is an ongoing need for social engineering assessments to be carried out within companies to ensure their assets are protected.

Let us know your thoughts in the comments.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

You may also like

Multiple Vulnerabilities Found In Forminator WordPress Plugin

Palo Alto Networks Patched A Pan-OS Vulnerability Under...

Apple Removed Numerous Apps From China App Store

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall...

Personal Data Exposed in Massive Global Hack: Understanding...

Guardz Welcomes SentinelOne as Strategic Partner and Investor...

Invision Community Vulnerabilities Risk E-Commerce Websites

Microsoft April Patch Tuesday Fixes Dozens of RCE...

Match Systems publishes report on the consequences of...

Cypago Announces New Automation Support for AI Security...