A recent surge in phishing attacks, known as “quishing,” has been targeting Microsoft Office credentials by using QR codes to direct users to malicious Microsoft Sway phishing pages.
Description
This campaign has seen a significant increase in attacks, particularly in Asia and North America [1] [2] [3], across various industries such as technology, manufacturing [1] [3], and finance [1] [3]. Attackers exploit the open access to Sway [2], a free Microsoft 365 application [2], to deceive users and steal their credentials. By leveraging the credibility of legitimate cloud applications [2], attackers use techniques like transparent phishing to trick users into accessing these malicious pages [2]. Netskope reported in July 2024 that attackers focused on technology, manufacturing [1] [3], and finance sectors [1] [3], directing victims to phishing pages on the “Swaycloudmicrosoft” domain via email [3]. Exploiting mobile device vulnerabilities [3], attackers used QR codes to lead users to malicious sites [3], bypassing security measures and email scanners [3]. Tactics included transparent phishing to steal data while displaying legitimate sign-in pages [3], and using Cloudflare Turnstile to hide malicious content [3]. To protect against such attacks [2], users are advised to carefully check URLs and manually type them into the web browser. Organizations should also review their security policies to prevent falling victim to these scams [2].
Conclusion
These phishing attacks pose a serious threat to organizations and individuals, especially in the technology [1], manufacturing [1] [3], and finance sectors [1] [3]. It is crucial for users to remain vigilant and verify URLs before entering any credentials. Organizations must strengthen their security measures and policies to safeguard against these evolving cyber threats.
References
[1] https://www.it-connect.fr/microsoft-sway-utilise-dans-une-importante-campagne-de-phishing-par-code-qr/
[2] https://www.darkreading.com/vulnerabilities-threats/microsofts-sway-serves-as-launchpad-for-quishing-campaign
[3] https://www.altusintel.com/public-yycx25/?tt=1724778903