Kingston Police warning public about Microsoft OneNote phishing emails
Local police are advising citizens of a new phishing scam being used by internet criminals involving a Microsoft OneNote audio note.
According to Kingston Police, the scammers use a fake OneNote audio note as bait to trick victims into giving up their Microsoft login information. The scam comes in the form of an email with the subject “New Audio Note Received,” and the email prompts users to click on a suspicious link in order to hear the full message.
“Once you’ve clicked, you’re brought to a fake OneNote Online page that is hosted on Sharepoint. This means the web page’s URL contains ‘sharepoint.com,’ which makes the fraudulent page more convincing. This fake OneNote page contains another link, which you need to click on to finally listen to your ‘new message,’” Kingston Police said in a press release on Wednesday, Jul. 10, 2019.
If the user clicks the second link, they are prompted to sign into their Microsoft account from a “fake but realistic-looking” Microsoft login page, which is also hosted on Sharepoint.
“If you enter your login details here, the bad guys will have full access to your account,” Kingston Police said. “They can use this account to steal sensitive data or perform further attacks on you or your organization.”
Kingston Police are reminding the public at for Microsoft accounts, Microsoft login forms will only be hosted by:
- microsoft.com
- live.com
- microsoftonline.com
- outlook.com
“As a rule, when logging in to any online service, never use the link in the email. Always type the web address into the browser yourself or use your normal bookmarks instead,” Kingston Police said.