Office 365 users: Beware of phishing emails pointing to Office Sway (Security News, January 2020)
The latest example of this involves Office 365 users being directed to phishing and malicious pages hosted on Office Sway, a web application for content creation that's part of Microsoft Office.
"The Sway page will include trusted brand names. Most commonly, the spoofed brands are Microsoft-affiliated, just like the SharePoint logo shown in the example above," Avanan explained.
If the recipient is logged into an Office account, Sway pages appear wrapped in Office 365 styling with accompanying menus, making the page even more convincing.
"Attackers can turn Microsoft Sway into most any site they like, causing both Outlook and even the most savvy recipients to trust sway.com links," the company pointed out, and noted that because the attackers are using multiple senders and domains, blacklisting them won't work.
"Instead, we've seen many clients blacklist sway.office.com in their web filters. Unless your organization actively uses Sway, you should consider blocking Sway links," they advised.
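The blocking advice above depends on matching the Sway hostnames exactly, so the following added example (not code from Avanan or the original article) flags Sway links in a raw email without matching lookalike hosts. The sample message, its sender, and the Sway paths are constructed, and treating subdomains of the two hosts named on this page as in scope is an assumption.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Hosts named on this page; subdomain coverage is an assumption of this example.
BLOCKED_HOSTS = ("sway.office.com", "sway.com")
URL_RE = re.compile(r"""https?://[^\s"'<>)]+""", re.IGNORECASE)

# Constructed sample message (not a real phishing email).
SAMPLE = """\
From: "SharePoint" <notify@sender.example>
To: user@corp.example
Subject: New document shared with you
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Open the file: https://sway.office.com/CONSTRUCTED123?ref=email
Help: https://sway.office.com.login.example/help
--b1
Content-Type: text/html; charset="utf-8"

<a href="https://sway.office.com/CONSTRUCTED123?ref=email">View document</a>
<a href="https://www.Sway.com/s/CONSTRUCTED456">Mirror</a>
<a href="https://notsway.com/x">Other</a>
--b1--
"""

def is_sway_host(host):
    """True only for a blocked host or one of its subdomains (label-boundary match)."""
    host = (host or "").rstrip(".").lower()
    return any(host == b or host.endswith("." + b) for b in BLOCKED_HOSTS)

def sway_links(raw_message):
    """Return the distinct Sway URLs found in the text parts of a raw email."""
    hits = []
    for part in message_from_string(raw_message).walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        for url in URL_RE.findall(text):
            try:
                host = urlsplit(url).hostname
            except ValueError:  # malformed URL, e.g. a broken IPv6 literal
                continue
            if is_sway_host(host) and url not in hits:
                hits.append(url)
    return hits

if __name__ == "__main__":
    print(sway_links(SAMPLE))
```

A substring test such as `"sway.office.com" in url` would also flag `sway.office.com.login.example`, and a bare suffix test would flag `notsway.com`; comparing on label boundaries avoids both.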
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/6AKmXwlC_y8/