Avanan's research into a phishing campaign utilizing the collaboration app Milanote was featured in Threatpost. The article details the attack information, as well as the larger trend of utilizing legitimate sites for phishing. As they write:
From a cybercriminal point of view, convincing people to click that many times may be a downside to the approach, but the phish isn’t flagged by most SEGs or traditional security systems because the malicious URL is buried so deep in the attack chain. Having a legitimate service involved in the mix helps too, researchers noted.
Read the rest of the article below: