Scammers Use Milanote App to Host Phishing Content and Avoid Detection by Secure Email Gateways

The “Evernote for creatives” collaborative platform is being abused as a legitimate-looking host for malicious links that send victims on to phishing pages, bypassing detection mechanisms.

This isn’t the first time we’ve seen legitimate services being misused to host malicious content and links. Cloud-based services including SharePoint, OneDrive, Dropbox, Google Drive, and many, many more have all been abused by one threat actor or another over the years. The principle is simple: use a legitimate service to host malicious links and similar content, hoping that the guise of living on a known-good platform will be enough to throw off security solutions designed to detect malicious content.

In the case of a new attack discovered by security researchers at Avanan, the Milanote collaboration platform is the latest in the long list of misused services. According to Avanan, emails are sent under the guise of a due invoice, complete with attachment. The attachment contains a link to the Milanote platform which, in turn, contains a link to malicious content.

The good news for organizations is that the creative effort put into this is so poor that it should be obvious to anyone that this is anything but an invoice:


Source: Avanan

Users who have been educated using Security Awareness Training will spot this for what it is at the initial email, let alone the barren-looking initial link or the supposed invoice PDF above. Teach your users that delivery methods like this, which require multiple steps in order to avoid detection, should be a red flag: a legitimate invoice should be nothing more than an attached PDF or a link to a legitimate invoicing site (e.g., QuickBooks, Bill, etc.).
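As an added example (not code from Avanan or from this post), here is a small Python check that turns that red flag into detection logic: an invoice-themed email whose attachment links out to a collaboration or file-hosting platform rather than an invoicing site. The platform domain list, the lure keywords and the sample message are all constructed assumptions for the demonstration.

```python
import re
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from urllib.parse import urlparse

# Collaboration/file-hosting platforms named in the post as abused for
# hosting redirect links. The exact domain list is an assumption.
REDIRECT_HOSTS = {
    "milanote.com", "sharepoint.com", "onedrive.live.com",
    "dropbox.com", "drive.google.com",
}
INVOICE_WORDS = ("invoice", "payment due", "overdue")  # constructed lure keywords
URL_RE = re.compile(rb"https?://[A-Za-z0-9._~:/?#@!$&'()*+,;=%-]+")

def host_matches(url: str) -> bool:
    """True if the URL's host is (a subdomain of) a listed platform."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in REDIRECT_HOSTS)

def attachment_links(msg: EmailMessage) -> list[str]:
    """Return every URL found in the decoded bytes of each attachment."""
    links = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        for m in URL_RE.finditer(payload):
            links.append(m.group(0).decode("ascii", "replace").rstrip(")>"))
    return links

def flag_invoice_lure(raw: bytes) -> list[str]:
    """Return the offending URLs when an invoice-themed mail carries an
    attachment that links to a collaboration platform instead of an invoicing site."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    subject = str(msg["subject"] or "").lower()
    if not any(w in subject for w in INVOICE_WORDS):
        return []
    return [u for u in attachment_links(msg) if host_matches(u)]

def build_sample() -> bytes:
    """Constructed test message: a fake invoice PDF whose only content is a Milanote link."""
    msg = EmailMessage()
    msg["Subject"] = "Invoice #4471 due"
    msg["From"] = "billing@example.test"
    msg["To"] = "user@example.test"
    msg.set_content("Please find your invoice attached.")
    fake_pdf = (b"%PDF-1.4\n1 0 obj << /Type /Annot /Subtype /Link "
                b"/A << /S /URI /URI (https://app.milanote.com/example-board) >> >> endobj\n")
    msg.add_attachment(fake_pdf, maintype="application", subtype="pdf", filename="invoice.pdf")
    return msg.as_bytes()
```

Running `flag_invoice_lure(build_sample())` returns the Milanote URL, while the same message with a QuickBooks link returns nothing; in a real gateway the flagged mail would be quarantined or routed for review rather than blocked outright.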

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

Here's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Topics: Phishing