August 29, 2024 at 06:07AM
A recent QR phishing campaign targeting Office 365 users in North America and Asia has been using Microsoft Sway to host phishing pages, as reported by Netskope. The attackers send QR codes to victims, leading them to a fake Microsoft login page to steal credentials. The abuse of Sway and Cloudflare Turnstile makes these attacks distinct.
The meeting notes highlight a QR phishing campaign targeting Office 365 users in North America and Asia, which involves abusing Microsoft Sway for hosting phishing pages. The campaign, also known as quishing, relies on sending QR codes to intended victims that direct them to a malicious website, aiming to obtain their login information or serve malware.
This particular campaign observed by Netskope features phishing pages almost indistinguishable from the legitimate Microsoft login page, aimed at convincing victims to disclose their credentials. Attackers leverage victims’ mobile devices, presuming they have less stringent security measures than corporate-issued ones, thereby providing unrestricted access to the phishing site.
Additionally, the attackers abuse Sway, a free application within Microsoft 365, to share the phishing pages. Victims are led to believe in the legitimacy of the attacks as they use their existing Microsoft account when opening the Sway page. This has resulted in a significant increase in traffic to Sway phishing pages in July, targeting Microsoft 365 accounts.
Furthermore, the attackers use Cloudflare Turnstile to protect their pages and employ a transparent phishing technique where the HTML code on the phishing page closely resembles that of the legitimate page. The phishing pages’ domain pattern sway.cloud.microsoft is noted as easily recognizable by Netskope, and they advise users to check the URL to avoid falling victim to such attacks.
These meeting notes shed light on a sophisticated and evolving phishing technique that has significant implications for the security of Microsoft 365 users. It’s essential for organizations and individuals to be vigilant and implement robust security measures to protect against such threats.