The tools that cybersecurity professionals use are getting more and more sophisticated. They can now identify a known malicious link or attachment and strip it from the email so it never arrives in your inbox.  To get around that limitation, hackers are hiding their malicious links and attachments in legitimate documents.  This latest attack is a perfect example of that tactic.

This one is scary in it’s precision.  It was sent to only two email addresses. Both recipients have higher level network and financial access. The email looks like this

 

 

It looks innocent enough. In fact, if you check the link it goes to a Microsoft site. Clicking the link takes you here.

 

 

This is a legitimate OneNote notebook.  The icons however are just pictures, not clickable links and the links below them are flagged as malicious.  Had the user clicked on the link,  their login credentials would have been quietly harvested.

In this type of attack, the hacker often shares or pretends to share  a document with you.  The email usually asks for your input and is purposely vague and low key. Should you open one of these documents and find only links to another document, close the document and contact the IT Service desk. Your quick action could save your data.