Microsoft Sway abused in massive QR code phishing campaign

August 30, 2024Source: Bleeping Computer

Found this useful? Share it with your network

A recently identified large-scale QR code phishing campaign has exploited Microsoft Sway to deceive Microsoft 365 users into revealing their credentials. Detected by Netskope Threat Labs in July 2024, the campaign marked a 2,000-fold increase in attacks primarily targeting users in Asia and North America, especially in the technology, manufacturing, and finance sectors. The phishing emails guided potential victims to Microsoft Sway-hosted pages that prompted them to scan QR codes, leading to malicious sites. This approach bypasses security scanners and preys on the weaker security of mobile devices. Attackers further enhanced the campaign’s effectiveness by using transparent phishing tactics and Cloudflare Turnstile to evade detection. This method mirrors the tactics used in the PerSwaysion campaign five years ago, which also targeted Office 365 credentials of high-ranking individuals in various sectors.

Read Full Article

Opens on Bleeping Computer

More News

AMA Asking For Stronger Safeguards on AI Mental Health Chatbots

April 29, 2026MobiHealthNews

Andrea Daugherty Appointed Chief Information and Digital Transformation Officer at ARMC

April 24, 2026arrowheadregional.org

Craig Richardville Appointed Chief Digital and Information Officer at UF Health

April 13, 2026ufhealth.org

Former AMA Exec Margaret Lozovatsky Named CDIO At Premier Health

April 10, 2026premierhealth.com

Signature Healthcare Diverts Ambulances Following Cybersecurity Incident

April 8, 2026SecurityWeek

More Than 100 Hospitals Suing HHS Over Alleged Underpayment

April 6, 2026MedCity News