According to experts, cybercriminals are using Microsoft Sway to host landing pages used in phishing campaigns.
Cybersecurity researchers at Netskope Threat Labs noticed the attack and recorded a 2,000x increase in the number of exploits in July 2024.
You could be forgiven for not knowing what Sway is. It’s a niche product from Microsoft, a cloud-based presentation and storytelling tool that people can use to create interactive reports, presentations, newsletters, and other similar content. It’s part of the Microsoft Office suite and is accessible via the browser.
Transparent phishing
Netskope discovered that anonymous threat actors used Sway to create presentations with a QR code. This code redirected victims to a phishing landing page that looked like a Microsoft 365 login site. Those who fell for the scam ended up giving away their credentials.
This is not the first time that hackers have used QR codes in phishing attacks. Since a QR code is usually an image file (.JPG), it cannot be scanned by antivirus programs and can therefore bypass various email security services. In addition, a QR code is usually read via a smartphone (because it is easier to point the phone’s camera instead of a laptop), which generally have weaker protection than computers. Cybercriminals have been using QR codes for years.
However, this campaign also uses something called “transparent phishing,” a method where the victim actually logs into the legitimate site, while simultaneously passing the stolen credentials (including MFA codes) to the scammers.
The victims are mainly from Asia and North America and work in the technology, manufacturing and financial sectors.
Cybercriminals are constantly evolving their phishing tactics, but the defense strategy remains the same: be vigilant and critical of all incoming emails, especially those that create a sense of urgency.
Via BleepingComputer
