Avanan's research into a phishing campaign utilizing the collaboration app Milanote was featured in SC Media. The article details the attack information, as well as the larger trend of utilizing legitimate sites for phishing. As they write:
Gil Friedrich, co-founder and CEO of Avanan, told SC Media in an interview that there are thousands of software-as-a-service applications that phishing scammers can potentially choose from to help mask their phishing schemes, knowing that these services are typically whitelisted by email security solutions. These actors avoid detection by “nesting [their] payloads in deeper layers within legitimate services, fooling…static scanners,” the Avanan post explains.
Keep reading for more information: