Skip to main content

SCAM OF THE WEEK: Cybercriminals Are Using Microsoft's Sway Application in Phishing Scams

Posted on Friday, January 24, 2020 in Privacy & Security

Most business environments trust the Microsoft brand and the bad guys often use this to their advantage. Now, they've figured out how they can use Microsoft's Sway application to steal your login details. Sway is used to create online presentations that are hosted on Microsoft-owned domains that you can share with anyone by sending a link.

The phishing attack typically starts with an email that is disguised as a "New Fax Received" or "New Voicemail" notification. You're instructed to click a link in the email to view the message. If you click the link you're brought to a fake Microsoft login page that looks just like the real thing. Even the web address looks legitimate! That's because the login page is actually a presentation that was created with the Sway application.  If you mistakenly enter your login details here, the criminals will steal this information and your account will be at risk.

Remember the following to protect yourself from these types of attacks:

  • Never click on a link or an attachment that you weren't expecting.  Even if it appears to be from a person of an organization that you're familiar with, the sender's email address could be spoofed.
  • Whenever you need to log in to an account or online service that you use, always navigate to the login page yourself using your browser, rather than clicking on links in an email.
  • Get familiar with the format of your fax and voicemail notification emails. If you're ever in doubt, contact the proper department in your organization before you click on any links or download attachments.
Back to Top