OneNote Audio Note Phishing Scam Looks For Victims' Microsoft Account Credentials


One more phishing scam has made it to the news due to another innovative trick. This time, the scammers strive to fool users by exploiting audio notes. This OneNote Audio Note phishing campaign seemingly aims at stealing your Microsoft accounts’ credentials.

OneNote Audio Note Phishing Scam

Reportedly, BleepingComputer has caught up with a phishing scam that seemingly preys on Microsoft users. As stated in a recent blog post, the scammers now run a OneNote Audio Note phishing campaign to trick users.

This phishing attack begins by sending email messages to the users, telling them they have received an audio note from someone in their address book. The email subject line reads “New Audio Note Received”. Yet, to listen to this audio note, the user is supposedly required to click on an embedded link.

To further make the email look ‘safe’, the email content also contains a prominent footer mentioning its antivirus scan status.

OneNote audio note phishing
Source: BleepingComputer

Upon clicking the link, the user then sees a SharePoint hosted website that mocks OneNote Online. This webpage also requires the visitor to click on a link to supposedly listen to the audio note.


This webpage then redirects to another web page that resembles the genuine Microsoft account login page. This page requires the users to enter the Microsoft account credentials to proceed. The design of this page has a lot of similarity to the genuine Microsoft website. Nonetheless, a smart user can detect its fraudulence by a quick look at the URL.


An unlucky user may well fall prey to this scam and enter the account credentials. Regardless of whether users are smart enough or not, the scammers have taken care to make their scam look genuine. They have arranged legitimate Microsoft certificates for the scam web pages hosted on SharePoint.com.
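The URL check mentioned above, written out as an added example (not from the original article or from BleepingComputer's report): it compares the exact hostname against Microsoft's sign-in hosts, and treats SharePoint-hosted pages as tenant-controlled content even though their certificate is valid. The allowlist, the brand tokens and the sample URLs in the comments are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hosts serving the genuine Microsoft sign-in page (not listed in the article).
MS_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com", "login.microsoft.com"}
# Tenant-controlled hosting: the certificate is Microsoft's, the page content is the tenant's.
TENANT_SUFFIXES = (".sharepoint.com",)
# Assumption: brand words that make a foreign hostname look like a Microsoft one.
BRAND_TOKENS = ("microsoft", "office365", "onenote", "outlook")


def classify_url(url):
    """Classify a link by its exact hostname, never by substring or by the padlock."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return "untrusted"
    if parts.scheme != "https" or not host:
        return "untrusted"
    if host in MS_LOGIN_HOSTS:
        return "microsoft-login"
    if host.endswith(TENANT_SUFFIXES):
        return "tenant-hosted"  # valid certificate, but anyone with a site can publish here
    if any(token in host for token in BRAND_TOKENS):
        return "lookalike"  # brand name inside a hostname Microsoft does not own
    return "other"


def safe_to_enter_password(url):
    """Only the exact sign-in hosts should ever receive Microsoft account credentials."""
    return classify_url(url) == "microsoft-login"


if __name__ == "__main__":
    # Constructed click chain mirroring the article: e-mail link, SharePoint page, login form.
    chain = [
        "https://contoso-my.sharepoint.com/:o:/g/personal/audio-note",
        "https://login.microsoftonline.com.account-verify.example/login",
        "https://login.microsoftonline.com@signin.example/",
        "https://login.microsoftonline.com/common/oauth2/authorize",
    ]
    for link in chain:
        print(f"{classify_url(link):16} password ok: {safe_to_enter_password(link)}  {link}")
```
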

Things Becoming ‘Phishy’…

Over the past few days, we have seen many different types of phishing campaigns coming up. From Google Calendar to encrypted messaging to QR codes, the scammers are trying every possible strategy to trick users. Hence, it has become essential that users stay wary of such scams, not only at an individual level but at the organizational level as well. There also appears to be an ongoing need for social engineering assessments within companies to ensure their assets are protected.

Let us know your thoughts in the comments.

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]