SECURITY ALERT: Hackers Using Microsoft OneNote Attachments to Deliver Malware

February 06, 2023 | Posted in:

Security Bulletins & Alerts

Please be aware that cybercriminals are actively distributing malicious spam emails containing Microsoft OneNote attachments. The attachments are disguised to look like shipping notifications, shipping documents, invoices, and other common items.

When the fraudulent attachment is opened, a malicious script will be automatically launched and downloaded. This action will install malware from a remote site onto the victim's system.

Below is an example of a fake email containing a OneNote attachment:

OneNote Scam

If you receive an email with a OneNote Attachment, please do the following:

    • Report the email to IT support.
    • Follow IT support instructions.

Attackers have been distributing malware through Word and Excel email attachments for years, however, recent updates by Microsoft have made this process less reliable for hackers. Due to the successful changes, cybercriminals found a new way to distribute their malware. They began using a different file format through Microsoft OneNote, beginning as early as December 2022.

At Systems Engineering, we have recently observed these tactics first-hand which were ultimately blocked by our "Endpoint Advanced Detection" solution, which is included in our IT Essentials services and the recently introduced Foundations platform services.


This is a timely example of how your employees and staff are your first line of defense. It is critical to keep your staff up to date on current threats so they are better able to spot fraudulent emails. You can fill this gap by investing in annual cybersecurity training, bolstered by regular phishing tests. At Systems Engineering, our clients have access to leading cybersecurity awareness training solutions, including additional support to administer and manage any training delivery and reporting needs.

For clients looking for more information about Security Awareness Training and Administration, please reach out to your account manager. If you would like to learn more about our IT Essentials services or Foundations platform services, please contact us at info@systemsengineering.com or call 888.624.6737.