Protect your Business from Malicious OneNote Attachments

Microsoft OneNote is a free digital notebook application that is included in the Microsoft Office suite. Threat actors are now using OneNote attachments to distribute malware. Users need to be aware of the threat and how it is orchestrated in order to prevent threat actors from installing malware, gaining access to files and passwords, and even recording video using webcams. We recommend that you refrain from opening attachments from individuals you do not know.

How it Works 

Attachments arrive by email as .ONE files, either attached directly to the email, packed in zip files, or offered through links. In November 2021 and February 2022, Microsoft announced that by default it would block Excel 4 and VBA macros in files that were downloaded from the Internet. Hackers have moved away from malware in Word and Excel documents due to these changes. Variations of .ONE include .ONEPKG, .ONEBIN, and .ONECACHE files; avoid them if you do not know exactly where they came from. We suggest not opening any .ONE files and asking senders to provide the information in a different format.
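A mail-gateway style check for the file types named above, as an added example that is not part of the original article: it lists OneNote attachments in a raw email, including ones packed inside a zip attachment. The function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the article, compared case-insensitively.
ONENOTE_EXTS = (".one", ".onepkg", ".onebin", ".onecache")

def is_onenote_name(name):
    """True if a file name ends with one of the OneNote extensions."""
    return name.strip().lower().endswith(ONENOTE_EXTS)

def find_onenote_attachments(raw_email):
    """List OneNote files attached directly or listed inside zip attachments."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also reaches nested MIME parts
        name = part.get_filename()
        if not name:
            continue
        if is_onenote_name(name):
            hits.append(name)
        elif name.lower().endswith(".zip"):
            data = part.get_payload(decode=True) or b""
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    # Member names are readable even when contents are encrypted.
                    hits += [f"{name}!{m}" for m in zf.namelist() if is_onenote_name(m)]
            except zipfile.BadZipFile:
                continue  # not a parseable archive; nothing to list
    return hits

def build_sample():
    """Constructed sample: a fake invoice email with harmless placeholder files."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "billing@example.com", "user@example.org", "Invoice"
    msg.set_content("Double Click to View")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename="Invoice.ONE")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/Delivery.onepkg", b"placeholder")
        zf.writestr("readme.txt", b"hello")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="notice.zip")
    msg.add_attachment(b"%PDF", maintype="application", subtype="pdf", filename="report.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    print(find_onenote_attachments(build_sample()))
```

A gateway or mailbox rule could quarantine any message for which this list is non-empty and ask the sender for a different format, as recommended above.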

94% of the malware is delivered by email. - Verizon

The OneNote phishing emails often include fake invoices, delivery notices or notifications that appear to come from legitimate companies, service providers, institutions or authorities. Such emails have blurred-out images with text stating 'Double Click to View' or 'Click to View Document.' Once a file is downloaded it runs a malicious script that initiates communication with a remote server to install malware.

It is crucial that users take precautions:

  • Do not disregard warnings by the application 
  • Use Multifactor Authentication 
  • Be vigilant when opening any email attachments or links 
  • Ensure your business has adequate endpoint security in place 
  • Tag emails with an External Sender warning when received from an external domain
  • Stay informed! 

If your staff have not received any formal cybersecurity training, or you are concerned about your security posture, please reach out to us.