Fake OneNote/Sharepoint emails try to steal your password

Emails claiming to be OneNote Audio files are really a trick to steal your Microsoft login and password.  They use Microsoft’s own SharePoint.com and Windows hosting to fool people.

Bleeping Computer, with help from ransomware hunter Michael Gillespie, shows examples of a phishing email that claims to be from a contact sending you a OneNote audio file hosted on SharePoint.

No part of Office is safe from hackers, not even OneNote.

Source: Bleeping Computer

Notice the “Email scanned by McAfee Ultimate 2019 Antivirus Scanning Service for Microsoft”?  It means nothing, just another line of text meant to fool you.

If you follow good security advice, you’ll check the ‘Listen to full message here’ link before clicking on it.  It’s a link to Sharepoint.com, which is a Microsoft domain for hosted SharePoint.  A link to Sharepoint.com should be safe … WRONG!

That link opens a very convincing OneNote web page that the hackers have made on Microsoft’s SharePoint platform for public access.

Source: Bleeping Computer

The trap is in the next link.  It uses the Windows.net domain name.  We’ve talked about this scam before.  Windows.net is owned by Microsoft and used by Azure customers to host their own web sites.

Source: Bleeping Computer

Criminals continue to use Azure and Windows.net links to host fake Microsoft account login pages on Microsoft’s own servers.

What’s a real Microsoft login page?

Real Microsoft logins will only be on these domains:

  • microsoft.com
  • live.com
  • microsoftonline.com
  • outlook.com
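An added example (not from the article or from Bleeping Computer) of the check a reader or a mail filter could apply to each link in this chain: it parses the link’s real hostname and separates the four genuine login domains from Microsoft-owned hosting domains such as sharepoint.com and windows.net, where the page is customer-published content. It assumes that subdomains of the four listed domains (e.g. login.live.com) count as genuine; the sample links are constructed placeholders.

```python
from urllib.parse import urlsplit

# Domains the article lists as the only places a genuine Microsoft login lives.
MICROSOFT_LOGIN_DOMAINS = ("microsoft.com", "live.com", "microsoftonline.com", "outlook.com")

# Microsoft-owned hosting domains where any customer can publish pages; the
# article shows both (SharePoint, then Azure's windows.net) abused in the chain.
MICROSOFT_HOSTING_DOMAINS = ("sharepoint.com", "windows.net")


def _host_of(url: str) -> str:
    """Lowercased hostname of an http(s) URL, ignoring user@, port and path.

    urlsplit puts anything before '@' into userinfo, so a decoy such as
    https://login.live.com@evil.example/ yields 'evil.example', not live.com.
    """
    parts = urlsplit(url.strip())
    if parts.scheme.lower() not in ("http", "https"):
        return ""
    return (parts.hostname or "").lower().rstrip(".")


def _under(host: str, domain: str) -> bool:
    """True if host is domain or a subdomain of it (assumption: subdomains such as
    login.live.com count). A look-alike like microsoft.com.evil.example fails."""
    return host == domain or host.endswith("." + domain)


def classify_login_link(url: str) -> str:
    """Classify where a link would take the user before they type a password."""
    host = _host_of(url)
    if not host:
        return "invalid"
    if any(_under(host, d) for d in MICROSOFT_LOGIN_DOMAINS):
        return "microsoft-login"
    if any(_under(host, d) for d in MICROSOFT_HOSTING_DOMAINS):
        # Microsoft servers, but customer-published content: never a real sign-in.
        return "microsoft-hosted-content"
    return "untrusted"


# Constructed sample links (hostnames are placeholders, not from the article).
SAMPLE_LINKS = [
    "https://example-my.sharepoint.com/personal/someone/onenote-audio",   # step 1
    "https://example.blob.core.windows.net/sites/signin.html",            # step 2
    "https://login.microsoftonline.com/common/oauth2/authorize",          # genuine
    "https://login.live.com@evil.example/",                               # decoy
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{classify_login_link(link):25} {link}")
```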

Microsoft should be doing a lot more to make fake login pages harder to make.  A good start would be applying some of their much-hyped AI technology to detecting fake Microsoft login pages being hosted on their own servers.

Another would be combining the above four domains into a single login domain for all Microsoft services.  Then customers could be told that only one domain is a genuine login page and all others are fake.

Two Factor Authentication

Since Microsoft doesn’t seem interested in making fake logins harder to host on their computers, the best thing is Two-Factor Authentication.

Yes, we know we keep harping about Two-Factor Authentication.  Most of the login scams to steal passwords and identities can be stopped cold by using ‘2Fac’. It really is worth the trouble.

Want to know more about Two-Factor Authentication?

Windows 10 for Microsoft Office users and Office 365 for Windows Straight Talk both have chapters on Two-Factor Authentication, with step-by-step instructions for setting up ‘2Fac’ for a Microsoft Account.