Hackers have devised a sophisticated new phishing strategy that capitalizes on trusted Microsoft tools like Visio and SharePoint to trick users into handing over credentials. The attack begins with emails sent from compromised accounts, crafted to resemble business proposals or purchase orders. These emails, designed to appear legitimate, contain links to Microsoft SharePoint-hosted Visio (.vsdx) files—a format commonly used for professional diagrams and flowcharts, which naturally lends credibility. This clever approach uses familiar Microsoft services and tools to bypass basic user suspicion and avoid detection by traditional security filters.
Upon clicking the SharePoint link, recipients are directed to a page hosting the malicious Visio file. The file appears unremarkable, except for a “View Document” button that instructs users to hold down the Ctrl key while clicking. This seemingly minor action is crucial to the attack’s success: it bypasses automated security scans that typically detect malicious content without user interaction. Security systems often allow files that require human input to pass through undetected, allowing the attacker to sneak past basic security defenses and ensure that the phishing attempt reaches unsuspecting recipients.
After clicking, users are taken to a deceptive Microsoft 365 login page designed to steal their credentials. Believing the page to be legitimate, many users unknowingly submit their credentials, which are then harvested by attackers. This tactic of using legitimate Microsoft services—along with compromised email accounts and familiar Visio files—creates a strong sense of authenticity, making this phishing attempt particularly effective and challenging to identify. The combination of trusted tools and subtle but calculated instructions significantly increases the likelihood of success, especially as it targets users in professional environments who frequently work with SharePoint and Visio.
Cybersecurity experts emphasize the importance of vigilance and proactive measures to combat this emerging threat. To protect against these kinds of attacks, organizations are advised to verify the identities of email senders, implement multi-factor authentication, and adopt advanced email security solutions that can detect abnormal file types and suspicious behaviors. Given that phishing techniques continue to evolve, security professionals stress the need for ongoing user education on recognizing potential threats. This sophisticated attack highlights the need for multi-layered security frameworks capable of protecting against both conventional and advanced cyberthreats in today’s ever-changing digital landscape.
