This attack vector of hosting a malicious URL within a Sway document has been known for over a year. With that stamp of legitimacy, Sway pages bypass URL filters and any investigation that your users are capable of. This type of phishing attack can succeed because it sends users to a trusted page hosted by Microsoft rather than a compromised website that would likely be blocked by web browsers and blacklists. "The reason for the blog post is to alert users to the fact that there are now active and aggressive campaigns in the wild," Landewe continued. ALL RIGHTS RESERVED. TechRepublic Premium: The best IT policies, templates, and tools, for today and tomorrow. Other links in the email pointed to LinkedIn, another trusted site. Because Microsoft trusts the domain, this email is able to bypass basic spoofing filters. If they get that information, they could gain access to your email, bank, or other accounts. He's written for Time, CNET, PCMag, and several other publications. “Attackers can turn Microsoft Sway into most any site they like, causing both Outlook and even the most savvy recipients to trust sway.com links,” the company pointed out, and noted that because the attackers are using multiple senders and domains, blacklisting them won’t work. Most commonly, the spoofed brands are Microsoft-affiliated, just like the SharePoint logo shown in the example above,” Avanan explained. In fact, phishing accounts for a … ]com, criminals can devise landing pages that look legitimate but actually carry malicious content. Those who fall for the scheme are directed to a landing page hosted on Sway, which instructs them to click on another link that will either download a malicious file or lead them to a spoofed Office 365 login page: “The Sway page will include trusted brand names. By creating and posting a Sway page on sway[.]office[. While the malicious sites are no longer online, at the time, each was deemed malicious by a variety of tools including Chrome, Firefox, Opera, and Microsoft's own Edge browser. Sway is an easy-to-use digital storytelling app for creating interactive reports, presentations, personal stories and more. This attack affected Avanan clients using EOP (Exchange Online Protection) and ATP (Advanced Threat Protection), and none of the links were blocked by Microsoft, suggesting that they weren't scanned by Microsoft.". Sway makes sure your creations look great on any screen. Post redacted at request of Office staff :) Over the last few years, phishing attacks have become the primary tool at the disposal of cybercriminals.