New Phishing Scam: Using Microsoft OneNote Audio Note

Phishing email attacks are not new issues but they are growing in sheer number as phishing scammers keep bringing up new ways to trick their targets. In a new phishing campaign reported by Bleeping Computer, Microsoft OneNoteAudio Note is used as a brand impersonation tactic to lure email recipients into disclosing their login credentials.

This campaign starts with an email titled “New Audio Note Received” stating that a contact in the address book has sent you a new audio note. If you clickthe hyperlinked “LISTEN TO FULL MESSAGE HERE”, you will be directed to a fake OneNote web page hosted on

On this page, you are again urged to click another link to get the audio message you want. This link brings you to a look-alike but counterfeit Microsoft login page that is waiting to steal your account credentials.

It is worth mentioning that the cybercriminals even “gently” remind you in the footer notes that this email was scanned by an antivirus software. Attackers also get a legitimate certificate signed by Microsoft as the phishing pages are hosted on These tactics are designed to make the phishing email indistinguishable by users.

Email Isolation Technology specially designed for Phishing Attack

Such kind of brand impersonation attacks are becoming prevalent in the recent years. Besides educating employees to avoid falling for phishing scams, organizations can also consider adopting security solutions with anti-phishing technologies such as Email Isolation technology. Green Radar grMail is a phishing isolation solution that help detect phishing email in such case, which has few or no indication for any filtering engine to detect. With our isolation technology, all emails will be opened in our isolated platform, leaving only safe and malware-free message in user’s device. If a user does click the suspicious link and enter a fake login page, a reminder banner will be popped up to ask the user to re-consider his/her information input action. Only the user approve the action will Green Radar enable the text input function.