Microsoft's Sway Serves as Launchpad for 'Quishing' Campaign

The attack is a mashup of QR codes and phishing that gets users to click on links to malicious webpages.

Dark Reading Staff, Dark Reading

August 27, 2024


Last month, researchers uncovered a "quishing" campaign targeting Microsoft Office credentials that drove an abrupt 2,000-fold increase in traffic to unique Microsoft Sway phishing pages.

Quishing refers to a form of phishing that uses QR codes to trick users into opening malicious pages, according to the researchers at Netskope Threat Labs.

The campaign has targeted victims mainly in Asia and North America, across multiple industries such as technology, manufacturing, and finance.

"Attackers instruct their victims to use their mobile devices to scan the QR code in hopes that these mobile devices lack the stringent security measures typically found on corporate issued ones," said the researchers in an article. "These QR phishing campaigns employ two techniques from previous posts: the use of transparent phishing and Cloudflare Turnstile."

Sway is a free Microsoft 365 application that anyone with a Microsoft account can access. Attackers take advantage of this open access, using the credibility of a legitimate cloud application to deceive users. Sway is also accessed once a victim is already logged into their Microsoft 365 account, which adds a further layer of legitimacy and helps persuade users to open malicious pages.

The researchers advise that users check URLs and type them directly into the Web browser to avoid falling victim to such attacks. They also recommend that organizations review security policies to ensure they are protected against these kinds of scams.
