Light Dark
January 14, 2020 By Shane Schick 2 min read

A phishing technique that makes use of Microsoft Sway could attack organizations even if they don’t use the tool, security researchers warn.

Cybercriminals are able to create landing pages that look like legitimate online content and dupe victims into clicking on a malicious URL by hosting them on sway.office.com, according to a post from Avanan.

Given that URL filters tend to trust this domain, the bogus landing pages may go undetected, and they can use Office 365 styling and menus to appear more genuine. Best known as a tool for creating a variety of digital content with a shareable link, Microsoft Sway is available on the Windows 10 app as well as online.

Beware of Urgent Fax and Voicemail Notifications

Researchers said some of the phishing pages include well-known Microsoft product logos, including SharePoint, as well as those from real fax service providers. The latter is important because some of the common tactics to create a sense of urgency around clicking the link for these phishing campaigns include sending messages that a fax or voicemail has been received.

The report showed one instance, for example, where attackers added a timestamp next to a “Fax Received” email message that came from an email address that ended with onmicrosoft.com. The bogus fax, meanwhile, was offered via a link using the sway.office.com domain.

While best practices to combat phishing attacks often include blacklisting worrisome domains, researchers said this probably wouldn’t work in this case since attackers may use several different domains and senders. It may also be unfeasible for those organizations that regularly use Microsoft Sway to block content that use its domain.

This isn’t the first time Sway has been identified as a tool for conducting phishing attacks; Forcepoint researchers published similar findings as far back as October 2018.

Reduce the Risks of Microsoft Sway Phishing Attacks

Microsoft provides an online form where those who come across phishing schemes can send samples for deeper analysis. Beyond that, test phishing engagements will ensure employees are properly trained and acting appropriately to prevent clicking on malicious links by accident or mistake.

Given the risk, however, implementing a model of least privilege will ensure that if someone does manage to use Microsoft Sway to dupe someone, the attackers won’t be able to access an organization’s most critical resources or data.

 |  |  |  |  |  |  |  |  | 
Shane Schick
Writer & Editor

More from

January 30, 2025

When ransomware kills: Attacks on healthcare facilities

4 min read - As ransomware attacks continue to escalate, their toll is often measured in data loss and financial strain. But what about the loss of human life? Nowhere is the ransomware threat more acute than in the healthcare sector, where patients’ lives are literally on the line.Since 2015, there has been a staggering increase in ransomware attacks on healthcare facilities. And the impacts are severe: Diverted emergency services, delayed critical treatments and even fatalities. Meanwhile, the pledge some ransomware groups made during…

January 29, 2025

AI and cloud vulnerabilities aren’t the only threats facing CISOs today

6 min read - With cloud infrastructure and, more recently, artificial intelligence (AI) systems becoming prime targets for attackers, security leaders are laser-focused on defending these high-profile areas. They’re right to do so, too, as cyber criminals turn to new and emerging technologies to launch and scale ever more sophisticated attacks.However, this heightened attention to emerging threats makes it easy to overlook traditional attack vectors, such as human-driven social engineering and vulnerabilities in physical security.As adversaries exploit an ever-wider range of potential entry points…

January 28, 2025

4 trends in software supply chain security

4 min read - Some of the biggest and most infamous cyberattacks of the past decade were caused by a security breakdown in the software supply chain. SolarWinds was probably the most well-known, but it was not alone. Incidents against companies like Equifax and tools like MOVEit also wreaked havoc for organizations and customers whose sensitive information was compromised.Expect to see more software supply chain attacks moving forward. According to ReversingLabs' The State of Software Supply Chain Security 2024 study, attacks against the software…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature