Evernote used in BEC attacks.
N2K logoFeb 23, 2023

Evernote used to bypass security checks.

Evernote used in BEC attacks.

Avanan warns that attackers are abusing the note-taking app Evernote to host malicious links.

Evernote used to pass security filters.

Avanan observed an attack in which an account belonging to the president of an organization was compromised. The attackers used the account to send phishing emails with a link to an Evernote page, purporting to contain a “secure message.” The Evernote page hosted a link to a credential-harvesting phishing site.

“It starts with an email from the President of an organization,” Avanan says. “The account was compromised, so the email will pass all authentication measures. The message itself is not malicious. It links to a document in Evernote–not a malicious site. From a security perspective, this looks clean. If you’re an end-user, it looks clean. Using a legitimate site like Evernote–particularly if Evernote is already used in that organization–adds a ton of credence. In short, it’s an incredibly well-crafted attack.”

Security best practices.

Avanan offers the following recommendations to help users avoid falling for these attacks:

  • “Create processes for employees to follow when paying invoices or entering credentials
  • “Implement advanced security that looks at more than one indicator to determine in an email is clean or not
  • “Utilize malicious URL detection and rewriting to follow the link to its intended destination in a safe manner”