A phishing campaign is targeting Office 365 users specifically at financial services firms, according to a report from the Information Security Media Group (ISMG). The attacks — named “PerSwaysion” due to their use of Microsoft Sway to try to persuade users to offer up their log-in credentials — have compromised more than 150 businesses as of May 1.


Who’s at risk?

Actors behind the PerSwaysion campaign are using whaling in an attempt to steal sensitive information and ultimately jeopardize alpha. Whaling, so that we’re all on the same page, is a form of spear phishing that targets “big fish,” preying on executives with the greatest influence and access to funds, nonpublic financial records and sensitive trading information.

The ISMG lists the lack of multi-factor authentication (MFA) in Office 365 as a significant driver in the success of these attacks. At Agio, you’ve heard us say this a million times, MFA is a key element to Brilliance in the Basics —  we 100% recommend enabling MFA for all externally accessible systems to prevent phishing attacks.


How to identify a PerSwaysion attack

PerSwaysion actors have been attacking victims in three phases:

  1. Users receive a PDF attachment disguised as an Office 365 file-sharing notification. The attachment contains a “read now” link prompting users to click through.
  2. Once clicked, users are taken to what appears to be an Office 365 file-sharing site.
  3. That file-sharing page leads to a phishing site resembling a Microsoft single sign-on page. “If a user inputs their corporate Office 365 credentials into the page, they get routed to a separate data server and an email gets immediately sent to attackers,” ISMG says.



Tactically, to reduce your risk of phishing attacks we recommend again, enabling MFA for O365, a Phishing Protection solution, training employees to recognize the indicators of a fraudulent email and immediately report suspicious activity. Strategically, we recommend more holistic solutions around Governance and Detection & Response to truly and effectively combat bad actors and the increasingly sophisticated techniques they leverage when targeting the financial services industry.  Contact us to have a deeper conversation about how might be able to help.

See also  Vital Lessons from LPL & Ameriprise Ahead of Copilot Implementation

Learn More