Phishing
Attackers create a shareable link for OneDrive files which use the 1drv.ms domain. The link is then utilized to phish users and have them download malware. Alternatively, phishing pages are create using OneNote and shared with users in hopes of clicking on a link that redirects them to a malicious domain.