August 27, 2024 at 03:47PM
A recent “quishing” campaign targeted Microsoft Office credentials, resulting in a 2,000-fold increase in traffic to malicious Microsoft Sway phishing pages. The campaign mainly targeted victims in Asia and North America across various industries. Researchers warn users to verify URLs and type them directly in the browser to avoid falling victim to such attacks.
The meeting notes highlighted a recent “quishing” campaign targeting Microsoft Office credentials, leading to a significant surge in traffic to unique Microsoft Sway phishing pages. The campaign, predominantly impacting victims in Asia and North America across various industries, used QR codes to trick users into accessing malicious pages. The attackers exploited the open access of Microsoft Sway, leveraging its legitimacy to deceive users and added another layer of legitimacy by targeting users already logged into their Microsoft 365 account. To mitigate such attacks, the researchers recommended users to verify URLs and manually type them into the web browser, while also encouraging organizations to review and update security policies for protection against these types of scams.