Gandalf_The_Grey
Thread author
A massive QR code phishing campaign abused Microsoft Sway, a cloud-based tool for creating online presentations, to host landing pages to trick Microsoft 365 users into handing over their credentials.
The attacks were spotted by Netskope Threat Labs in July 2024 after detecting a dramatic 2,000-fold increase in attacks exploiting Microsoft Sway to host phishing pages that steal Microsoft 365 credentials. This surge contrasts sharply with the minimal activity reported during the year's first half, showing the large scale of this campaign.
They primarily targeted users in Asia and North America, with the technology, manufacturing, and finance sectors being the most sought-after targets.
The emails redirected potential victims to phishing landing pages hosted on the sway.cloud.microsoft domain, pages that encouraged the targets to scan QR codes that would send them to other malicious websites.
Attackers often encourage victims to scan QR codes using their mobile devices, which typically come with weaker security measures, thus increasing the chances of bypassing security controls and allowing them to access phishing sites without restrictions.
"Since the URL is embedded inside an image, email scanners that can only scan text-based content can get bypassed. Additionally, when a user gets sent a QR code, they may use another device, such as their mobile phone, to scan the code," the security researchers explained.
"Since the security measures implemented on mobile devices, particularly personal cell phones, are typically not as stringent as laptops and desktops, victims are then often more vulnerable to abuse."
Microsoft Sway abused in massive QR code phishing campaign
www.bleepingcomputer.com
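
The delivery chain described above (an email linking to a page on sway.cloud.microsoft, and the researchers' point that a URL inside an image is invisible to text-only scanners) can be turned into a simple mail triage check. This is an added example, not code from the article or from Netskope; the names `triage`, `host_of`, `HrefCollector` and `build_sample`, the sample messages, and the "image part with no scannable link" heuristic are all assumptions made for illustration.

```python
import email, re
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlsplit

SWAY_HOST = "sway.cloud.microsoft"   # hosting domain named in the article
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

class HrefCollector(HTMLParser):
    """Collect href/src attribute values from an HTML body."""
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        self.urls += [v for k, v in attrs if k in ("href", "src") and v]

def host_of(url: str) -> str:
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:          # malformed authority, e.g. a broken IPv6 literal
        return ""

def triage(raw: bytes) -> dict:
    """Hypothetical triage helper: list Sway-hosted links and flag image-only mail."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    urls, images = set(), 0
    for part in msg.walk():
        ctype = part.get_content_type()
        if part.get_content_maintype() == "image":
            images += 1
        elif ctype in ("text/plain", "text/html"):
            body = part.get_content()
            urls.update(URL_RE.findall(body))
            if ctype == "text/html":
                collector = HrefCollector()
                collector.feed(body)
                urls.update(collector.urls)
    # Exact host comparison: a substring test would also match look-alike hosts.
    sway = sorted(u for u in urls if host_of(u) == SWAY_HOST)
    return {"sway_links": sway, "image_parts": images,
            "image_without_links": images > 0 and not urls}

def build_sample(html=None, image=False) -> bytes:
    """Constructed test message (not taken from the campaign)."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("Please see the attached image." if image else "Open the shared document.")
    if html:
        m.add_alternative(html, subtype="html")
    if image:
        m.add_attachment(b"\x89PNG constructed bytes", maintype="image", subtype="png", filename="code.png")
    return m.as_bytes()
```

A Sway link is not malicious on its own; the output is meant to route messages for closer review, such as QR decoding of the image parts that the text-based pass cannot read.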