"Microsoft Sway Abused in Massive QR Code Phishing Campaign"

A massive QR code phishing campaign has exploited Microsoft Sway, a cloud-based tool used for creating online presentations, to host landing pages aimed at tricking Microsoft 365 users into providing their credentials. Netskope Threat Labs discovered the attacks in July 2024, after detecting a significant increase in attacks involving Microsoft Sway to host phishing pages that steal Microsoft 365 credentials. This wave of attacks strongly differs from the minimal activity reported in the first half of the year, suggesting the campaign's large scale. They mainly targeted users in Asia and North America, with the most targeted industries being technology, manufacturing, and finance. This article continues to discuss findings regarding the massive QR code phishing campaign abusing Microsoft Sway.

BleepingComputer reports "Microsoft Sway Abused in Massive QR Code Phishing Campaign"

Submitted by grigby1