How cybercriminals are using Microsoft Sway to launch phishing attacks
Attackers are creating phishing sites from Sway, an effective approach as links for the domain are typically trusted, says security firm Avanan. However, even if your organization doesn't use this software, you can still be vulnerable to phishing attacks that are hosted from Sway, according to Avanan. Since the pages are hosted on Microsoft's own Sway domain, the pages and their links are automatically trusted by URL filters and can easily fool users into thinking they're valid. To convince potential victims to access a malicious Sway phishing page, cybercriminals will send emails with notifications for voicemails or faxes, hoping that unsuspecting users will click on the link or image. Microsoft itself trusts the Sway and Office domains, so this URL will sneak past Safe Link settings. This type of phishing attack can succeed because it sends users to a trusted page hosted by Microsoft rather than a compromised website that would likely be blocked by web browsers and blacklists.
.png)
.png){kind=icon}
.png){kind=icon}
.png){kind=icon}
