Cybercriminals continue to impersonate Microsoft services to cast wider phishing nets. In a new phishing campaign reported by Bleeping Computer, audio recordings purportedly shared via OneNote were used as a lure to lead email recipients to a fake Microsoft login page that steals user account credentials.

Using OneNote audio as a brand impersonation tactic

The phishing email arrives bearing the subject “New Audio Note Received” and a message body stating that a contact sent a new audio message. The body also includes the call to action “LISTEN TO FULL MESSAGE HERE,” which is hyperlinked with a phishing URL. When that URL is clicked, the user is directed to a fake OneNote Online page hosted on a SharePoint subdomain. On the page, the heading reads “You Have A New Audio Message” and, as in the email, the body shows the aforementioned hyperlinked call to action. This link directs the user to another SharePoint page, albeit one that is currently disabled. A legitimate-looking but bogus Microsoft login page would have appeared, prompting the user to log in with their Microsoft account credentials, which would have been effectively stolen.

The impersonation of popular brands is continually being used by cybercriminals in credential phishing attacks, 3.5 million of which were flagged by the Trend Micro™ Cloud App Security™ solution in 2018.

Other notable deception tactics used

Apart from using bogus OneNote audio recordings as a lure, there are other deceptive elements that cybercriminals designed to make the phishing emails harder to spot for recipients. One notable detail observed is the use of a footer note that says the email was scanned by a certain brand of security software.