Here’s how it works: you’ll get an email in your inbox with the subject “New Audio Note Received” and says that you have received a new audio message from a contact in your address book. But here’s the bait – to listen to the message, you need to click on a link in the email.
Now the funny thing is that the scammers have actually added something to the bottom of the email message to make it appear legitimate. For example, it could say that the email was “Scanned by McAfee Ultimate 2019 Antivirus Scanning Service for Microsoft.”
Either way, clicking on the “Listen to full message here” link, will direct you to a fake OneNote Online page which states that “You have a new audio message” and then prompts you to click on a link to listen to it. If you click on the link, you’ll be brought to another page that prompts you to login with your Microsoft credentials.
Now this fake page should look familiar. It’s been recycled by a variety of phishing scams that pretend to be from Microsoft services such as OneNote, Office 365, and Outlook. However, as the phishing pages are being hosted on Sharepoint.com domain by a compromised user account, it comes with a legitimate certificate from Microsoft, that’s the green lock at the top of the browser next to the url. Unfortunately, it makes these scamming websites pretty convincing in their authenticity.
The Take Away
For Microsoft accounts and Outlook.com logins, remember that legitimate Microsoft login forms will only be on microsoft.com, live.com, microsoftonline.com, and outlook.com domains only. If you are asked to log in with a Microsoft login form from any other URL, it should be avoided.
Stay safe out there.