A recent scam has come to light in which cyber criminals use Microsoft Sway’s domain name to create fake voicemail messages and landing pages that encourage you to download a “voice message” that has been left for you.

Here are some of the warning signs to look out for in the Microsoft Sway phishing email cyber-attack:

An example email:

Microsoft Sway voice message

This is a prime example of what a Microsoft Sway phishing email may look like. As you can see, it looks very legitimate.

We have also verified that the email address that the above email came from is a real email address, “sent” from a staff member in that organisation.

What are the implications of this? This means that the criminal has most likely hacked and gained access to this email account and is sending emails from this address.

When you hover over the links “review file”, “listen” or “record audio”, the URL that appears uses the domain “https://sway.office”.

This link then takes you to the below landing page.

The Landing Page:

Microsoft Sway phishing landing page

The landing page is very convincing due to the following factors:

  1. They use what appears to be the correct domain for Microsoft Sway.
  2. An SSL certificate has been used to make the website appear ‘secure’, so it shows as an “https” website with a green padlock.
  3. The icon for Microsoft Sway appears on the tab of the website landing page.

Lastly, the one remaining warning sign is that when you hover over the link “Download your audio message”, the URL doesn’t match the previous domain of “sway.com” and is instead made up of random characters.

Microsoft Sway Phishing email link
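The same hover check can be run over a saved copy of a landing page. The Python below is an added example, not part of the original article: it lists every link whose host differs from the page's own host and marks hosts that look like random characters. The host names, the sample HTML and the length and entropy thresholds are constructed assumptions.

```python
import math
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample page; all host names are placeholders, not real indicators.
SAMPLE_PAGE = """
<a href="https://sway.example/help">Help</a>
<a href="/terms">Terms</a>
<a href="https://x7k2q9vbn4tz.example.net/a/msg">Download your audio message</a>
"""

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def shannon_entropy(label):
    counts = Counter(label)  # bits per character of the host label
    return -sum(c / len(label) * math.log2(c / len(label)) for c in counts.values())

def audit_links(html, page_host):
    """Return one finding per link whose host is outside page_host."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        host = (urlsplit(href).hostname or "").lower()
        if not host or host == page_host or host.endswith("." + page_host):
            continue  # relative link or same site
        label = host.split(".")[0]
        # Assumed heuristic: a long, high-entropy first label looks machine-generated.
        looks_random = len(label) >= 10 and shannon_entropy(label) > 3.0
        findings.append({"text": text, "host": host, "random_looking": looks_random})
    return findings
```

Calling `audit_links(SAMPLE_PAGE, "sway.example")` returns a single finding for the “Download your audio message” link, with `random_looking` set to `True`.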

We hope that breaking down a Microsoft Sway phishing email raises awareness and helps users avoid falling victim to this scam.

Contact us today if you’d like to get some further guidance from our cyber security experts.