Prevention
- Security Assessment
- Red Teaming
- Compliance Audit
- Pre-IR Assessment
- Compromise Assessment
- Cyber Education
- GIB Crypto
PerSwaysion phishing campaign:
was your email compromised or not?
CheckPerSwaysion is a series of sophisticated successful phishing attacks, discovered and analyzed by Group-IB. The attacks were carried out against the management and executives of 156 companies in the US, Canada, Germany, the UK, Netherlands, Hong Kong, Singapore, and in other countries. The campaign received its name due to the extensive abuse of Microsoft Sway. It has been active since at least mid-2019 and was attributed to Vietnamese speaking developers and Nigerian operators.
The cybercriminals gained access to many confidential corporate Office365 emails of mainly financial services companies, law firms, and real estate groups. The PerSwaysion campaign proliferates with alarming rates by leveraging compromised accounts’ email data to select further targets who hold important roles and share business relation with the victims.
The detailed technical analysis of PerSwaysion operations and attack scheme is available in Group-IB’s blog post.
Check whether your email was compromised by PerSwaysion or not
Searching for an email address only ever retrieves the address from storage then returns it in the response, the searched address is never stored anywhere unless you intentionally agreed to Group-IB subscription.