PerSwaysion phishing campaign:
was your email compromised or not?


PerSwaysion is a series of sophisticated successful phishing attacks, discovered and analyzed by Group-IB. The attacks were carried out against the management and executives of 156 companies in the US, Canada, Germany, the UK, Netherlands, Hong Kong, Singapore, and in other countries. The campaign received its name due to the extensive abuse of Microsoft Sway. It has been active since at least mid-2019 and was attributed to Vietnamese speaking developers and Nigerian operators.

The cybercriminals gained access to many confidential corporate Office365 emails of mainly financial services companies, law firms, and real estate groups. The PerSwaysion campaign proliferates with alarming rates by leveraging compromised accounts’ email data to select further targets who hold important roles and share business relation with the victims.

The detailed technical analysis of PerSwaysion operations and attack scheme is available in Group-IB’s blog post.

Check whether your email was compromised by PerSwaysion or not

Searching for an email address only ever retrieves the address from storage then returns it in the response, the searched address is never stored anywhere unless you intentionally agreed to Group-IB subscription.

We use cookies on the website to make your browser experience more personal, convenient and secure. You may block or manage the use of cookies, however, in some cases they’re essential to make this site work properly. Learn more about cookies in Group-IB Privacy And Cookies Policy.