How cybercriminals are using Microsoft Sway to launch phishing attacks (Security News, January 2020)
Last year, Microsoft did roll out phishing detection to Microsoft Forms, an online product that lets people create surveys, quizzes, and polls.
"Contrary to Avanan's marketing claims, Microsoft does not automatically trust any domain, including the Office and Sway domains. All links are analyzed, assessed and compared to known attack vectors, including local domains. Additionally, Microsoft performs a complete assessment of Sway content, including the scanning of links on the pages."
Responding to Microsoft's statement, Avanan content marketing manager Reece Guida pointed to the specific attack found by the company and said: "Our security team found that Microsoft did not block Office and Sway domains in this attack. This attack vector wasn't known. This attack affected Avanan clients using EOP and ATP, and none of the links were blocked by Microsoft, suggesting that they weren't scanned by Microsoft."
"Each Sway document pointed to a spoofed Microsoft login. While the malicious sites are no longer online, at the time, each was deemed malicious by a variety of tools including Chrome, Firefox, Opera, and Microsoft's own Edge browser. Because of this, we could only assume that the link within the Sway documents had not been scanned."
"Because we monitor and block threats behind Microsoft's EOP and ATP, we can determine that the Sway invites are not currently being blocked by Outlook/Office 365 email filters. Because the malicious Sway documents are still online a month after the active campaign, we can only assume that Microsoft is unaware that they contain malicious links."