Microsoft Sway abused in massive QR code phishing campaign

August 27, 2024 at 10:05AM

A massive QR code phishing campaign exploited Microsoft Sway to host landing pages, targeting Microsoft 365 users primarily in Asia and North America. The attacks surged dramatically in July 2024, in contrast to minimal activity in the first half of the year. Tactics included using QR codes to direct users to malicious sites and stealing credentials and multi-factor authentication codes.

Key takeaways:

– A massive QR code phishing campaign utilized Microsoft Sway to host landing pages and trick Microsoft 365 users into giving up their credentials.
– The attacks primarily targeted users in Asia and North America, with a focus on the technology, manufacturing, and finance sectors.
– Phishing landing pages were hosted on the sway.cloud.microsoft domain, encouraging targets to scan QR codes that redirected them to malicious websites.
– Attackers exploited weaknesses in mobile device security measures, making users more vulnerable to abuse.
– Various tactics, such as transparent phishing and the use of Cloudflare Turnstile, were employed to enhance the campaign’s effectiveness.
– The PerSwaysion phishing campaign, which targeted Office 365 login credentials years ago, also abused Microsoft Sway and successfully tricked high-ranking individuals at financial services companies, law firms, and real estate groups.
