A new sophisticated phishing technique utilizes Microsoft Visio files and SharePoint in a two-step phishing attack.
This two-step attack method represents a significant evolution in phishing tactics. It exploits users’ trust in familiar Microsoft tools to bypass security measures and steal credentials.
The attack begins with compromised email accounts sending legitimate-looking messages, often containing business proposals or purchase orders.
These emails include links to SharePoint-hosted Microsoft Visio (.vsdx) files, a format commonly used for creating flowcharts and diagrams in professional settings.
Once a victim clicks on the link, they are directed to a SharePoint page containing the malicious Visio file. The file typically includes a “View Document” button, which users are instructed to click while holding down the Ctrl key.
This seemingly innocuous action is designed to evade automated security scans, as it requires human interaction that bots cannot replicate.
Clicking the button redirects the user to a fake Microsoft 365 login page, where their credentials are captured if entered.
The use of compromised email accounts and legitimate Microsoft services like SharePoint adds multiple layers of perceived authenticity to the attack, making it particularly deceptive.
Perception Point researchers have observed a significant increase in these Visio-based phishing attempts, targeting hundreds of organizations worldwide.
The tactic takes advantage of the fact that Visio files are rarely flagged as threats by traditional security systems, unlike more common file types such as PDFs or Word documents.
Microsoft has acknowledged the growing misuse of its services in phishing campaigns, highlighting the need for increased vigilance.
To protect against such threats, experts recommend verifying sender identities, enabling multi-factor authentication, and implementing advanced email security solutions that can detect unusual file types and behaviors.
As cybercriminals continue to refine their methods, this new attack vector serves as a reminder of the importance of ongoing user education and the need for robust, multi-layered security approaches in today’s rapidly evolving threat landscape.