Check Point Email Security | Blog

Passing Notes: Phishing Attack Leverages OneNote

Written by Jeremy Fuchs | November 6, 2020

One of the most appealing parts of the Microsoft suite is all that you can do with it. Spreadsheets in Excel. Presentations in PowerPoint. Note taking in OneNote.

But because they're all connected, that means that East-West attacks can profligate. Get access to your O365 account and it can spread like wildfire. Even Microsoft, in a recent report,  is tracking this:

We’ve seen cybercriminals leverage the most popular cloud services, email sending services, and file sharing services to launch attacks.

Now, cybercriminals are leveraging one of Microsoft's own services—and Microsoft missed it.

 

The Attack: Avanan researchers discovered a new phishing email that looks like this: 

If you click, it takes you to a OneNote page that looks like this:

 

That link, of course, is a phishing link.

Though Avanan stopped this attack, it passed by ATP's scanners.

Why it Matters: The phishing landscape is no longer just email. everything matters. Your file sharing services are at risk. Your collaboration apps are at risk. And there's risk even beyond email to the web page.  

That's why an all-encompassing approach to cybersecurity is needed. Don't just protect one thing—protect everything.

Think of it as business security.