Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
  • AI
  • Tech
  • Cybersecurity
  • Finance
  • DeFi & Blockchain
  • Startups
  • Gaming
Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
Dataconomy
No Result
View All Result

Attackers use “native phishing” with M365 and AI tools

In real-world incidents observed by Varonis Threat Labs, attackers created a malicious OneNote file and saved it in the compromised user's OneDrive.

byKerem Gülen
July 17, 2025
in Research
Home Research

A Varonis blog post by author Tom Barnea, details how attackers are using a tactic called native phishing to bypass security defenses. The article explains that this method leverages trusted internal applications like Microsoft 365 and easy-to-use no-code platforms to deceive users and steal credentials with high success rates.

How native phishing works

Native phishing delivers malicious content using an organization’s own trusted systems, making it feel legitimate to the recipient. The attack begins after a threat actor compromises a single user’s Microsoft 365 credentials. Instead of sending an easily spotted fake email, the attacker uses the compromised account to carry out the attack from within the organization’s environment.

In real-world incidents observed by Varonis Threat Labs, attackers created a malicious OneNote file and saved it in the compromised user’s OneDrive. They then used the built-in OneDrive sharing feature to send a link to this file to hundreds of other employees. The resulting email notification was a legitimate, automated alert from Microsoft, appearing to come from a trusted colleague. This method avoids traditional email scanning for malicious attachments and bypasses human suspicion.

Stay Ahead of the Curve!

Don't miss out on the latest insights, trends, and analysis in the world of data, technology, and startups. Subscribe to our newsletter and get exclusive content delivered straight to your inbox.

The OneNote application is an effective vehicle for this because it is not subject to Microsoft’s Protected View security feature, its flexible formatting allows for deceptive layouts, and it can embed malicious links. This shifts the attack from technical exploits to social engineering.


Why we might lose our only window into how AI thinks


The role of no-code platforms

Once a user clicks the link in the shared OneNote file, they are redirected to a fake login page that is nearly identical to their company’s real authentication portal. The research highlights that these convincing phishing sites are often built using free, AI-powered no-code platforms.

The report identifies the platform Flazio as the tool used to create a replica login page in one incident. Varonis has also observed attackers using other no-code services like ClickFunnels and JotForm to quickly build and host customized phishing pages with minimal effort or cost. These platforms allow attackers to easily create fraudulent but professional-looking pages designed to steal user credentials.

To defend against these tactics, Varonis provides several recommendations:

  • Enforce MFA and conditional access for all users to reduce the risk of account takeover.
  • Run regular phishing simulations to build awareness and test employee responses.
  • Ensure internal channels for reporting suspicious activity are clear and accessible.
  • Review and tighten Microsoft 365 sharing settings to limit unnecessary internal file exposure.
  • Set alerts for unusual file sharing behavior and monitor traffic to known no-code site builders.

Featured image credit

Tags: native phishing

Related Posts

OpenAI: GDPval framework tests AI on real-world jobs

OpenAI: GDPval framework tests AI on real-world jobs

September 26, 2025
Hugging Face: AI video energy use scales non-linearly

Hugging Face: AI video energy use scales non-linearly

September 26, 2025
Kaist creates self-correcting memristor for AI chips

Kaist creates self-correcting memristor for AI chips

September 24, 2025
Sophos: AI deepfakes hit 62% of firms last year

Sophos: AI deepfakes hit 62% of firms last year

September 24, 2025
Delphi-2M AI predicts 1000+ diseases using over 400k medical records

Delphi-2M AI predicts 1000+ diseases using over 400k medical records

September 23, 2025
Deepmind details AGI safety via frontier safety framework

Deepmind details AGI safety via frontier safety framework

September 23, 2025

LATEST NEWS

Asus ROG Ally, Ally X preorders open; ships October 16

OpenAI: GDPval framework tests AI on real-world jobs

Hugging Face: AI video energy use scales non-linearly

Apple Wallet digital ID expands to North Dakota

Salesforce Agentforce hit by Noma “ForcedLeak” exploit

BetterPic: The industry-leading AI headshot generator

Dataconomy

COPYRIGHT © DATACONOMY MEDIA GMBH, ALL RIGHTS RESERVED.

  • About
  • Imprint
  • Contact
  • Legal & Privacy

Follow Us

  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
No Result
View All Result
Subscribe

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.