Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI toolsNEW
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
  • AI
  • Tech
  • Cybersecurity
  • Finance
  • DeFi & Blockchain
  • Startups
  • Gaming
Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI toolsNEW
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
Dataconomy
No Result
View All Result

Attackers use “native phishing” with M365 and AI tools

In real-world incidents observed by Varonis Threat Labs, attackers created a malicious OneNote file and saved it in the compromised user's OneDrive.

byKerem Gülen
July 17, 2025
in Research
Home Research
Share on FacebookShare on TwitterShare on LinkedInShare on WhatsAppShare on e-mail
Google Preferred Source

A Varonis blog post by author Tom Barnea, details how attackers are using a tactic called native phishing to bypass security defenses. The article explains that this method leverages trusted internal applications like Microsoft 365 and easy-to-use no-code platforms to deceive users and steal credentials with high success rates.

How native phishing works

Native phishing delivers malicious content using an organization’s own trusted systems, making it feel legitimate to the recipient. The attack begins after a threat actor compromises a single user’s Microsoft 365 credentials. Instead of sending an easily spotted fake email, the attacker uses the compromised account to carry out the attack from within the organization’s environment.

In real-world incidents observed by Varonis Threat Labs, attackers created a malicious OneNote file and saved it in the compromised user’s OneDrive. They then used the built-in OneDrive sharing feature to send a link to this file to hundreds of other employees. The resulting email notification was a legitimate, automated alert from Microsoft, appearing to come from a trusted colleague. This method avoids traditional email scanning for malicious attachments and bypasses human suspicion.

Stay Ahead of the Curve!

Don't miss out on the latest insights, trends, and analysis in the world of data, technology, and startups. Subscribe to our newsletter and get exclusive content delivered straight to your inbox.

The OneNote application is an effective vehicle for this because it is not subject to Microsoft’s Protected View security feature, its flexible formatting allows for deceptive layouts, and it can embed malicious links. This shifts the attack from technical exploits to social engineering.


Why we might lose our only window into how AI thinks


The role of no-code platforms

Once a user clicks the link in the shared OneNote file, they are redirected to a fake login page that is nearly identical to their company’s real authentication portal. The research highlights that these convincing phishing sites are often built using free, AI-powered no-code platforms.

The report identifies the platform Flazio as the tool used to create a replica login page in one incident. Varonis has also observed attackers using other no-code services like ClickFunnels and JotForm to quickly build and host customized phishing pages with minimal effort or cost. These platforms allow attackers to easily create fraudulent but professional-looking pages designed to steal user credentials.

To defend against these tactics, Varonis provides several recommendations:

  • Enforce MFA and conditional access for all users to reduce the risk of account takeover.
  • Run regular phishing simulations to build awareness and test employee responses.
  • Ensure internal channels for reporting suspicious activity are clear and accessible.
  • Review and tighten Microsoft 365 sharing settings to limit unnecessary internal file exposure.
  • Set alerts for unusual file sharing behavior and monitor traffic to known no-code site builders.

Featured image credit

Tags: native phishing

Related Posts

Anthropic research introduces GRAM for isolating dangerous AI knowledge

Anthropic research introduces GRAM for isolating dangerous AI knowledge

July 9, 2026
Global PC shipments fall 5% as AI-driven memory crisis hits supply chains

Global PC shipments fall 5% as AI-driven memory crisis hits supply chains

July 9, 2026
Only 6% of Singapore desk workers use AI daily, says Salesforce

Only 6% of Singapore desk workers use AI daily, says Salesforce

July 8, 2026
Anthropic J-lens reveals hidden workspace inside Claude

Anthropic J-lens reveals hidden workspace inside Claude

July 7, 2026
Gartner: Customers prefer ChatGPT over company chatbots

Gartner: Customers prefer ChatGPT over company chatbots

July 6, 2026
Alibaba framework allegedly cuts AI agent token use by 99%

Alibaba framework allegedly cuts AI agent token use by 99%

July 3, 2026

LATEST NEWS

Claude Fable 5 free access extended until July 19

Samsung Galaxy Z TriFold 2 launch may be delayed

Apple to skip M6 Pro and Max chips, fast-tracks M7 lineup for AI focus

OpenAI lifts GPT-5.6 Sol usage limits temporarily

OpenAI launches ChatGPT Work productivity app

Meta files patent for AI-powered emotional monitoring device

BEST AI MODELS LEADERBOARD

See the best AI models, ranked by intelligence, benchmark results, speed and token price. Find the most suitable LLMs, Text-to-Image, Image Editing, Text-to-Speech, Text-to-Video and Image-to-Video  artificial intelligence model for your tasks and business.

LATEST TOOLS

Mootion

Legacy AI

Copyseeker

ProPhotos

Kuki AI

Create

RemodelAI

AItwitch

Vadoo AI

Greptile AI

Dataconomy

COPYRIGHT © DATACONOMY MEDIA GMBH, ALL RIGHTS RESERVED.

  • About
  • Imprint
  • Contact
  • Legal & Privacy

Follow Us

  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI tools
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
No Result
View All Result
Subscribe

This website uses cookies to improve your experience. You can choose to accept or reject them. Visit our Privacy Policy.