Researchers at Netskope Threat Labs recently brought to light a concerning “quishing” campaign that has been targeting Microsoft Office credentials with a significant spike in traffic to unique Microsoft Sway phishing pages, witnessing a staggering 2,000-fold increase in activity.
For those unfamiliar with the term, “quishing” is a type of phishing attack that leverages QR codes to lure unsuspecting users into accessing malicious pages, as explained by the experts at Netskope. This deceptive campaign has primarily focused its efforts on victims in Asia and North America, spanning across various sectors including technology, manufacturing, and finance.
The modus operandi of the attackers involves prompting their targets to scan a QR code using their mobile devices in the hopes that these personal devices lack the robust security measures typically present in corporate-issued equipment. This tactic capitalizes on the vulnerability of mobile devices to manipulation, making it easier for the perpetrators to gain unauthorized access to sensitive information.
In a statement provided by the researchers in their published article, they shed light on the specific techniques deployed in these QR phishing campaigns, drawing parallels to previous posts on transparent phishing and the use of Cloudflare Turnstile. By incorporating these methods into their attacks, the threat actors are able to enhance the effectiveness of their phishing schemes and increase the likelihood of successful compromises.
Notably, the attackers exploit the accessibility of Sway, a free application within the Microsoft 365 suite that can be accessed by anyone with a Microsoft account. By exploiting the credibility of legitimate cloud applications like Sway, the cybercriminals are able to convincingly deceive users into opening malicious pages. Moreover, the fact that Sway is accessed after a victim has already logged into their Microsoft 365 account adds another layer of legitimacy, making it even more challenging for users to discern the authenticity of the content they encounter.
To combat this evolving threat landscape, the researchers emphasize the importance of vigilance and proactive measures to mitigate the risks associated with such phishing attacks. They recommend that users exercise caution when interacting with QR codes and verify URLs by typing them directly into their web browsers. Additionally, organizations are urged to review and enhance their security policies to fortify their defenses against these sophisticated scams.
By raising awareness about the tactics employed by cybercriminals in “quishing” campaigns and providing practical guidance on how to protect against such threats, Netskope’s research serves as a valuable resource for individuals and businesses looking to safeguard their digital assets and privacy in an increasingly perilous online environment. Stay informed, stay cautious, and stay secure.