Security News > 2020 > September > Phishing scam uses Sharepoint and One Note to go after passwords
The Sharepoint link you're expected to click to access the One Note file does look suspicious because there's no clear connection between the sender's company and the location of the One Note lure.
It's only at this stage that the crooks present their call-to-action link - the click that they didn't want to put directly ino the original email, where it would have stood out more obviously as a phishing scam.
Second, the hacked events company where the crooks hid their phishing pages is in based Kyiv in Ukraine, and has a domain name that is neither related to the construction industry nor located in the UK, where the original email came from.
Don't let the crooks distract you by leading you away from your email client first to make their phishing page feel more believable when you get there.
If you are part of the IT security team, Phish Threat gives you a safe way to expose your staff to phishing-like attacks, so they can learn their lessons when it's you at the other end, not the crooks.