Fake OneNote/Sharepoint emails try to steal your password



Emails claiming to be OneNote Audio files are really a trick to steal your Microsoft login and password.  They use Microsoft’s own SharePoint.com and Windows hosting to fool people.

Bleeping Computer, with help from ransomware hunter Michael Gillespie, shows examples of a phishing email which claims to be from a contact sending you a OneNote audio file, hosted on SharePoint.

No part of Office is safe from hackers, not even OneNote.


Source: Bleeping Computer

Notice the “Email scanned by McAfee Ultimate 2019 Antivirus Scanning Service for Microsoft”?  It means nothing, just another line of text meant to fool you.

If you follow good security advice, you’ll check the ‘Listen to full message here’ link before clicking on it.  It’s a link to SharePoint.com, which is a Microsoft domain for hosted SharePoint.  A link to SharePoint.com should be safe ... WRONG!

That link opens up a very sincere-looking OneNote web page that’s been made by the hackers on Microsoft’s SharePoint platform for public access.

Source: Bleeping Computer

The trap is in the next link.  It uses the Windows.net domain name.  We’ve talked about this scam before.  Windows.net is owned by Microsoft and used by Azure customers to host their own web sites.


Source: Bleeping Computer

Criminals continue to use Azure and Windows.net links to host fake Microsoft account login pages on Microsoft’s own servers.

What’s a real Microsoft login page?

Real Microsoft logins will only be on these domains:

  • microsoft.com
  • live.com
  • microsoftonline.com
  • outlook.com
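
The list above can be applied mechanically to a link before anyone types a password into it. This Python sketch is an added example, not code from the article or from Microsoft; the function name, the category labels, the https requirement and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Login domains exactly as listed in the article.
LOGIN_DOMAINS = ("microsoft.com", "live.com", "microsoftonline.com", "outlook.com")
# Microsoft-owned domains that, per the article, carry customer-made pages.
CUSTOMER_HOSTED = ("sharepoint.com", "windows.net")


def _under(host, domains):
    """True if host equals a listed domain or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def classify_login_url(url):
    """Return 'login-domain', 'microsoft-hosted-customer-content' or 'other'."""
    try:
        parts = urlsplit(url.strip())
        # .hostname drops any "user@" prefix and port, and lowercases the name.
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "other"
    # Assumption of this example: a genuine login page is always served over https.
    if parts.scheme != "https" or not host:
        return "other"
    if _under(host, LOGIN_DOMAINS):
        return "login-domain"
    if _under(host, CUSTOMER_HOSTED):
        # Owned by Microsoft, but the page content belongs to whoever rented the space.
        return "microsoft-hosted-customer-content"
    return "other"


if __name__ == "__main__":
    # Constructed sample links, not taken from the reported campaign.
    samples = [
        "https://login.microsoftonline.com/common/oauth2/authorize",
        "https://contoso-my.sharepoint.com/personal/someone/voicenote.aspx",
        "https://examplestore.blob.core.windows.net/web/signin.html",
        "https://login.live.com.account-check.example/",
        "https://login.live.com@phish.example/",
    ]
    for s in samples:
        print(f"{classify_login_url(s):36} {s}")
```

Only the first category matches the article's list; a SharePoint.com or Windows.net address asking for a Microsoft password falls into the second and should be treated as a fake login page.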

Microsoft should be doing a lot more to make fake login pages harder to make.  A good start would be applying some of their much-hyped AI technology to detecting fake Microsoft login pages being hosted on their own servers.

Another step would be combining the above four domains into a single login domain for all Microsoft services.  Then customers could be told that only one domain is a genuine login page and all others are fake.

Two Factor Authentication

Since Microsoft doesn’t seem interested in making fake logins harder to host on their computers, the best thing is Two-Factor Authentication.

Yes, we know we keep harping about Two-Factor Authentication.  Most of the login scams to steal passwords and identities can be stopped cold by using ‘2Fac’. It really is worth the trouble.

Want to know more about Two-Factor Authentication?

Windows 10 for Microsoft Office users and Office 365 for Windows Straight Talk both have chapters on Two-Factor Authentication, with step-by-step instructions on setting up ‘2Fac’ for a Microsoft Account.
