Researchers have discovered a new phishing campaign using Microsoft Sway. The attacks are being referred to as a “Quishing” campaign. Quishing is a method of phishing which uses QR codes leading to malicious pages. The campaign is primarily focusing on victims in Asia and North America. Anyone with a Microsoft account can access Microsoft’s Sway, allowing hackers to use legitimate cloud applications to trick victims. As the victim is already logged into their Microsoft account when scanning a QR code, they believe that the malicious page they are opening is legitimate. As this type of campaign is difficult to detect, researchers advise users to type URLs directly into their Web browser instead of scanning QR codes.