Microsoft Sway abused in massive QR code phishing campaign
Bleeping Computer
|
Contributed by: Sarah Richardson
Summary
A recently identified large-scale QR code phishing campaign has exploited Microsoft Sway to deceive Microsoft 365 users into revealing their credentials. Detected by Netskope Threat Labs in July 2024, the campaign marked a 2,000-fold increase in attacks primarily targeting users in Asia and North America, especially in the technology, manufacturing, and finance sectors. The phishing emails guided potential victims to Microsoft Sway-hosted pages that prompted them to scan QR codes, leading to malicious sites. This approach bypasses security scanners and preys on the weaker security of mobile devices. Attackers further enhanced the campaign’s effectiveness by using transparent phishing tactics and Cloudflare Turnstile to evade detection. This method mirrors the tactics used in the PerSwaysion campaign five years ago, which also targeted Office 365 credentials of high-ranking individuals in various sectors.