Nov 6, 2020

A malicious Sway page can include trusted brand names affiliated with Microsoft, such as a SharePoint logo. ", Responding to Microsoft's statement, Avanan content marketing manager Reece Guida pointed to the specific attack found by the company and said: "Our security team found that Microsoft did not block Office and Sway domains in this attack. According to Avanan, the phishing attack also affects those organizations that do not use the software. Even if the intended victim doesn't use Sway, that person will likely trust any email from office.com. Top 5 programming languages for security admins to learn, Top 10 antivirus software options for security-conscious users, End user data backup policy (TechRepublic Premium), How to become a cybersecurity pro: A cheat sheet, Mastermind con man behind Catch Me If You Can talks cybersecurity, Windows 10 security: A guide for business leaders, Online security 101: Tips for protecting your privacy from hackers and spies, Cybersecurity and cyberwar: More must-read coverage. The right type of branding and look for the email persuades users that it contains a legitimate fax. Unless your organization actively uses Sway, you should consider blocking Sway links,” they advised. Received a follow up email asking me if I wanted to be flown to Redmond to participate in a day-long Sway meeting next week (copied and pasted below). "The reason for the blog post is to alert users to the fact that there are now active and aggressive campaigns in the wild," Landewe continued. All links are analyzed, assessed and compared to known attack vectors, including local domains. Sway was offered for general release by Microsoft in August 2015. “Attackers can turn Microsoft Sway into most any site they like, causing both Outlook and even the most savvy recipients to trust sway.com links,” the company pointed out, and noted that because the attackers are using multiple senders and domains, blacklisting them won’t work. And if the recipient is logged into an Office account, Sway pages appear wrapped in Office 365 styling with accompanying menus, making the page even more convincing. Most commonly, the spoofed brands are Microsoft-affiliated, just like the SharePoint logo shown in the example above,” Avanan explained. Cyware Labs, 1460 Broadway, New York, NY 10036. Because of this, we could only assume that the link within the Sway documents had not been scanned. It allows users who have a Microsoft account to combine text and media to create a presentable website. The attack is triggered by sending potential victims a malicious Sway phishing page through email with notification for voicemail or fax. Blessings & Peace, Hugo. "Each Sway document pointed to a spoofed Microsoft login. If they get that information, they could gain access to your email, bank, or other accounts.

Honda Reflex Maintenance, Comma After Congratulations, Tough Guy Actors 1930s, Winco Bulk Bin List, Should I Kill Patches Ds3, June's New Shoes, Koh Lanta L'ile Au Tresor Streaming Episode 8,

Leave a Reply

Your email address will not be published. Required fields are marked *