keronmk.blogg.se - What is the microsoft sway app

#What is the microsoft sway app download#

Microsoft trusts Sway and its other productivity services implicitly, so this URL will bypass even the strictest SafeLinks settings. Even if users are unfamiliar with Sway, they have been taught to trust.

The two important links in the email to the fax and the faxing service both point to.

The preview image of the fax looks too important to ignore.

The recent date next to “Fax Received at:” suggests this attack is more sophisticated, using dynamically generated text rather than cut-and-pasted text.

(This is why image analysis is vital in phish detection.

Consistent branding helps convince potential victims that the email contains a fax.

The email was sent from an email address, so Microsoft trusts the domain, enabling it to pass most of the basic spoof filters.

In the email above, the same tricks that fool your users also fool Microsoft security: To convince potential victims to land on the Sway phishing page, hackers send emails with notifications for voicemails or faxes. Why are Microsoft Sway attacks so effective?

#What is the microsoft sway app download#

These links download a malicious file or lead to spoofed login page. Hackers intend for victims to click the hyperlinked URL “FAX MESSAGE” at the bottom.(Most commonly, the spoofed brands are Microsoft-affiliated, just like the SharePoint logo shown in the example above.) The Sway page will include trusted brand names.If your users are logged into an Office account, Sway pages appear wrapped in Office 365 styling with accompanying menus to be even more convincing.With that stamp of legitimacy, Sway pages bypass URL filters and any investigation that your users are capable of. It also serves as an easy point-and-click way to create a landing page that might fool your users.įor these reasons, Microsoft Sway has become a popular place for hackers to host phishing sites to run scams like the one below. Sway is a web app for creating PowerPoint-like presentations and newsletters.

Attackers can turn Microsoft Sway into most any site they like, causing both Outlook and even the most savvy recipients to trust links. That’s why this content creation service is used in phishing attacks.

Have you heard of Microsoft Sway? If you haven’t, there’s a good chance your users don’t know about it either.