I’ve never heard of Microsoft Sway, but it seems to be the target of a 2,000 percent uptick in a recent attack.
The attack, which could come in as an email points people to a web page. That web page, presents a QR code.
This QR code must be scanned by your mobile device, which then can be redirected to a site that can deliver malware.
The article at Bleeping Computer is titled Microsoft Sway abused in massive QR code phishing campaign if you want to read it.
According to Jaws Picture Smart, the description says:
The image shows what appears to be a phishing attempt disguised as a message from Microsoft. It includes the Microsoft logo and the text, “Dear Microsoft Office User” followed by “The document below was shared to you using Advance Office365 file transfer software.” There is a QR code in the center, and instructions to use a smartphone to scan the QR code to authenticate the document. There is also a note in red warning to authenticate the QR code to access the document.
Remember! This is generic, and we’re sharing this so you are aware of how this works. This was the short description, not the long descriptions found by the models they use.
We hope that you find this article of interest and the description provided of value so you can learn what to look for.
GroupIB was part of the research here and they have been mentioned in prior podcasts.
Stay safe, stay aware, and learn.
Discover more from The Technology blog and podcast
Subscribe to get the latest posts sent to your email.