A highly targeted phishing campaign, with a Microsoft file platform twist, has successfully siphoned the Office 365 credentials of more than 150 executives since mid-2019.
Most are still online," Landewe said.
A new report has revealed that attackers are exploiting Microsoft Sway to send phishing emails to unsuspecting … Because the malicious Sway documents are still online a month after the active campaign, we can only assume that Microsoft is unaware that they contain malicious links.". How do I select a compliance solution for my business? Available on the Web and as a Windows 10 app, Microsoft Sway lets you create presentations, newsletters, and documentation complete with photos, videos, and other media.
Two links in the email to the alleged fax and fax service point to sway.office.com (Figure B). Microsoft Office Sway has found itself at the center of a new phishing concern.
One of phishers’ preferred methods for fooling both targets and email filters is to use legitimate services to host phishing pages.
The right type of branding and look for the email persuades users that it contains a legitimate fax. It allows users who have a Microsoft account to combine text and media to create a presentable website. Lance Whitney is a freelance technology writer and trainer and a former IT professional. Other links in the email pointed to LinkedIn, another trusted site. Unless your organization actively uses Sway, you should consider blocking Sway links,” they advised. You can then post your presentation on the Web via a shareable link that anyone can click to view it. Additionally, Microsoft performs a complete assessment of Sway content, including the scanning of links on the pages. MDR service essentials: Market trends and what to look for, Includes links in the email that point to, Let’s be realistic about our expectations of AI, Full-time bug hunting: Pros and cons of an emerging career, Crowdsourced pentesting is not without its issues.
The attack is triggered by sending potential victims a malicious Sway phishing page through email with notification for voicemail or fax. "In this case, our customers received a burst of email messages similar to those described in the post, each pointing to a different Sway document. In this way, the users are fooled into thinking that the phishing pages and URLs are valid. How to manage file and folder permissions in Linux, Research: Quantum computing in the enterprise; key vendors, anticipated benefits, and impact, Why cybersecurity is a big problem for small businesses, Comment and share: How cybercriminals are using Microsoft Sway to launch phishing attacks. If you log into a Sway site with an Office account, these pages appear with Office 365 styling and menus to make them appear more convincing. Here's how. With Sway, your images, text, videos, and other multimedia all flow together in a way that enhances your story. Such a page typically displays a tempting URL that invites the victim to click on it. Avanan customers who were targeted in this Sway phishing attack received the same message from different senders. Instead, many customers have simply blacklisted sway.office.com in their web filters. Since the pages are hosted are on Microsoft’s own Sway domain, it becomes quite easy for the phishing pages and their links to be automatically trusted by URL filters. If you log into a Sway site with an Office account, these pages appear with Office 365 styling and menus to make them appear more convincing.
This attack vector of hosting a malicious URL within a Sway document has been known for over a year.
Spam Text Messages and Phishing. However, even if your organization doesn't use this software, you can still be vulnerable to phishing attacks that are hosted from Sway, according to Avanan. Even if the intended victim doesn't use Sway, that person will likely trust any email from office.com. This would cause the download of malware or trigger a spoofed login page. A malicious Sway page can include trusted brand names affiliated with Microsoft, such as a SharePoint logo.
Such a page typically displays a tempting URL that invites the user to click on it but then downloads malware or triggers a spoofed login page (Figure A).
ALL RIGHTS RESERVED. The app lets the user create presentations, newsletters, and documents complete with photos, videos, and other media. ]com, criminals can devise landing pages that look legitimate but actually carry malicious content. A recent date next to the "Fax Received at" text suggests that this is a sophisticated attack since adding a timestamp makes the spoofed email seem urgent and important. Microsoft Sway is an app that is available on the Web and Windows 10. "The reason for the blog post is to alert users to the fact that there are now active and aggressive campaigns in the wild," Landewe continued. "Each Sway document pointed to a spoofed Microsoft login. Cyware Labs, 1460 Broadway, New York, NY 10036.
To follow up on Guida's comment, Avanan founder Michael Landewe said that the company can only speak to what it finds in real-world analysis. Post redacted at request of Office staff :)
Top 5 programming languages for security admins to learn, Top 10 antivirus software options for security-conscious users, End user data backup policy (TechRepublic Premium), How to become a cybersecurity pro: A cheat sheet, Mastermind con man behind Catch Me If You Can talks cybersecurity, Windows 10 security: A guide for business leaders, Online security 101: Tips for protecting your privacy from hackers and spies, Cybersecurity and cyberwar: More must-read coverage. In response to a request for comment, a spokesperson for Microsoft sent TechRepublic the following statement: "Contrary to Avanan's marketing claims, Microsoft does not automatically trust any domain, including the Office and Sway domains. According to Avanan, the phishing attack also affects those organizations that do not use the software. Because Microsoft trusts the domain, this email is able to bypass basic spoofing filters.
This article was updated on January 14, 2020, with comments from Avanan. Delivered Tuesdays and Thursdays.
On its end, Microsoft does offer ways that you can submit spam or phishing messages that passed through its spam filters. Once the recipient logs into a Sway site with an Office account, the malicious page appears to be legitimate with Office 365 styling and menus.
Blessings & Peace, Hugo. With that stamp of legitimacy, Sway pages bypass URL filters and any investigation that your users are capable of.
Its built-in design engine helps you create professional designs in minutes.
Microsoft itself trusts the Sway and Office domains, so this URL will sneak past Safe Link settings.
Because the criminals use multiple senders and domains, blacklisting them won't work. Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Cybercriminals Leverage Microsoft Sway in a Phishing Attack. (It is possible that the infrastructure that Microsoft uses to scan documents within Sway are of a different technology and have not yet taken down these pages from last month.)
Top 5 programming languages web developers should learn, Holiday gift guide 2020: STEM toys, tech gifts, splurges, and more, Top business tech trends for 2021: Gartner predicts hyperautomation, AI and more will dominate, iPhone 12 cheat sheet: Everything you need to know. Scammers send fake text messages to trick you into giving them your personal information – things like your password, account number, or Social Security number. A new report has revealed that attackers are exploiting Microsoft Sway to send phishing emails to unsuspecting users. Sway was offered for general release by Microsoft in August 2015.
The attack is triggered by sending potential victims a malicious Sway phishing page through email with notification for voicemail or fax. "The reason that attackers host these malicious links within Microsoft servers is because both Microsoft, and users tend to trust Microsoft sites," Landewe added.
The attackers were using the novel method for distributing malicious links hosted through the legitimate ‘sway.office.com’.
.Kyle Giersdorf Wiki, Depop Find User, The Icebox Magnolia Springs, What Happened To Elise Jordan, Aster Multiseat Crack Reddit, Farzad Nazem Net Worth, Homographs List Pdf, Felipe Caicedo Net Worth, Animelab Mod Apk, Feeling Faint Anxiety, Do Female Goats Stink, Talia Tilley Instagram, Boonie Planet Shutting Down, How To Watch Packer Game Without Cable, Legacy Of The Crystal Shard Trove, Remington 7600 Carbine 308 For Sale, Picture Of Naomi Biden, Love In A Fallen City Eileen Chang Summary, Still Feel High Day After Edible, Vanilla Sky Vf, Carlisle At489 25x11x12, Leonard Shoen Wife, Funny Essay On Siblings, Discord How To Make Roles Appear On The Side, Dan Walker Family, Grey Pitbull Adoption, What Is It Called When You Put A Hamster In Your Bum, Interesting Chemistry Questions, Where Is Car Fix Garage Located, Zaditor Eye Drops Coupon, Cine 34 Streaming Estero, G815 Custom Keycaps, 2018 International Building Code Pdf, Time's Winged Chariot Allusion, Open Heart Surgery Survival Rate By Age, Icon I40 Price, Lil Bean Music, 3 Phase Full Load Current Formula, How To Play A 6 Hole Bamboo Flute, Warframe Best Sword Stance, Japanese Word For Storm Dragon, Index Of World Of Dance Season 3, Christine Romans Net Worth, Oregon Property Tax Vs California, Arnold Kirkeby Net Worth, How To Play Sao Fatal Bullet With Friends, Nordstrom Lost Package Reddit,