Skip to Content
OneNote phishing emails
© Engdao Wichitpunya |
Security & privacy

Scammers’ latest trick: Getting you to open a OneNote document

Cybercriminals have been spreading malware through phishing emails for quite a while. But a new twist is making the rounds catching victims off guard. Instead of using malicious Word docs to spread malware, they have turned their attention to OneNote documents.

Read on to see how these simple docs are being used to exploit victims and ways to outsmart the attacks.

Risks of opening a OneNote doc

Microsoft OneNote, included with both Microsoft Office and Microsoft 365, finds itself at the center of a new phishing scheme that’s already tricked lots of innocent people.

The topics of the emails themselves appear to vary between cases. Spoofed credit union forms, shipping notifications and more have all been reported by victims. This approach seems to be a workaround for disabled macros.

The criminals evolved when Microsoft recently decided to disable macros by default in Word docs to protect users from sneaky phishing schemes. After being thwarted by in-line security warnings about malicious files, links and images, they discovered the solution described above.

OneNote documents cannot support macros but can be used to harbor duplicated inserted attachments that can be activated as soon as you open the file and double-click on a link hiding the payload. Malware is delivered from an external site, and the rest is history.

If you click the malicious link, you will be powerless to stop the situation from unfolding. If you receive an unsolicited message containing a .one document, ignore it completely. 

Ways to outsmart phishing attacks

Phishing attacks have been around for a long time and aren’t going away soon. That’s why it’s critical to know how to avoid falling victim. Here are safety precautions that can help:

  • Don’t click links you receive in unsolicited emails or text messages. They could be malicious and infect your device with malware.
  • Never open Word, Excel or OneNote files attached to unsolicited emails. If you open one of these documents and it says you need to enable macros, close the file and delete it immediately.
  • Utilize strong spam filters that can prevent an accidental invitation.
  • Keep your computer and mobile devices updated to the latest version. Operating system and application updates safeguard you against the latest threats, and it’s your first line of defense against malware.
  • Use two-factor authentication and password managers for better security.
  • Always have a trusted antivirus program updated and running on all your devices. We recommend our sponsor, TotalAV. Right now, get an annual plan with TotalAV for only $19 at That’s over 85% off the regular price!

Keep reading

Are facial recognition cams like the ones in China coming to a store near you?

Think your phone is always listening? You’re not alone

Komando Community background

Join the Komando Community

Get even more know-how in the Komando Community! Here, you can enjoy The Kim Komando Show on your schedule, read Kim's eBooks for free, ask your tech questions in the Forum — and so much more.

Try it for 30 days