How cybercriminals are using Microsoft Sway to launch phishing attacks

Last year, Microsoft did roll out phishing detection to Microsoft Forms, an online product that lets people create surveys, quizzes, and polls.
"Contrary to Avanan's marketing claims, Microsoft does not automatically trust any domain, including the Office and Sway domains. All links are analyzed, assessed and compared to known attack vectors, including local domains. Additionally, Microsoft performs a complete assessment of Sway content, including the scanning of links on the pages."
Responding to Microsoft's statement, Avanan content marketing manager Reece Guida pointed to the specific attack found by the company and said: "Our security team found that Microsoft did not block Office and Sway domains in this attack. This attack vector wasn't known. This attack affected Avanan clients using EOP and ATP, and none of the links were blocked by Microsoft, suggesting that they weren't scanned by Microsoft."
"Each Sway document pointed to a spoofed Microsoft login. While the malicious sites are no longer online, at the time, each was deemed malicious by a variety of tools including Chrome, Firefox, Opera, and Microsoft's own Edge browser. Because of this, we could only assume that the link within the Sway documents had not been scanned."
"Because we monitor and block threats behind Microsoft's EOP and ATP, we can determine that the Sway invites are not currently being blocked by Outlook/Office 365 email filters. Because the malicious Sway documents are still online a month after the active campaign, we can only assume that Microsoft is unaware that they contain malicious links."