Skip to main content


Posted on Friday, July 12, 2019 in Privacy & Security

Alert! Internet criminals are sending a new phishing attack where they use a fake OneNote Audio Note as bait so they can trick you into giving up your Microsoft login information.

The scam comes in the form of an email with the subject "New Audio Note Received".  It claims you have a new audio message from a contact in your address book.  The email prompts you to click on a suspicious link in order to hear the full message.  Once you've clicked, you're brought to a fake OneNote Online page that is hosted on sharepoint.  This means the web page's URL contains "", which makes the fraudulent page more convincing.  This fake OneNote page contains another link, which you need to click on to finally listen to your "new message".

If you click this second link, you're prompted to sign in to your Microsoft account from a fake but realistic-looking Microsoft login page that is also hosted on Sharepoint.  If you enter your login details here, the bad guys will have full access to your account.  They can use this account to steal sensitive data or perform further attacks on your organization.

Don't fall for this scam!  It is important to remember that for Midrosoft accounts, Microsoft login forms will only be hosted on the following domains:,,, or And as a rule, when logging in to any online service, never use the link in the email.  Always type the web address into the browser yourself or use your normal bookmarks instead.

Stop, Look, and Think. Don't be fooled.
The KnowBe4 Security Team

Back to Top