Summary: Security researchers have identified a rise in sophisticated two-step phishing attacks utilizing Microsoft Visio files, which exploit users’ trust in familiar tools to bypass traditional security measures. These attacks involve embedding malicious URLs in Visio documents, leading victims to fake login pages to steal credentials.
Threat Actor: Perception Point
Victim: Businesses and individuals
Key Points:
- Attackers compromise email accounts to send phishing emails from trusted sources.
- Phishing emails often contain Visio (.vsdx) or Outlook (.eml) file attachments that appear legitimate.
- Users are directed to a SharePoint page hosting the Visio file, which includes a disguised malicious link.
- Clicking the link leads to a fake Microsoft login page, where credentials are harvested.
- The trend highlights a shift towards using trusted platforms like SharePoint and Visio in phishing schemes.
- Organizations are advised to verify sender identities, enable multi-factor authentication, and conduct regular cybersecurity training.
A surge in two-step phishing attacks leveraging Microsoft Visio files has been identified by security researchers, marking a sophisticated evolution in phishing tactics.
Discovered by Perception Point, the new attacks use Visio’s .vsdx format, a file type commonly employed for business diagrams, to disguise malicious URLs and bypass traditional security scans.
Microsoft Visio, often used for flowcharts and network diagrams, has now become a tool of deception in phishing campaigns. Attackers exploit the platform by embedding URLs within Visio files. The tactic takes advantage of users’ trust in Microsoft tools and creates a covert way to bypass security systems.
Unlike common attachments like PDFs or Word documents, Visio files are rarely flagged as threats, making them an ideal vehicle for delivering phishing links.
How the Attack Works
Perception Point researchers outlined the attack flow as follows:
- Compromised accounts: Attackers gain control of email accounts and send phishing emails from real, trusted accounts, ensuring they pass authentication checks.
- Email content: The email often contains a .vsdx file or an .eml file (Outlook email message) attachment, appearing as legitimate documents like proposals or purchase orders.
- Visio file delivery: Clicking on the email link leads to a Microsoft SharePoint page hosting the Visio file. The file may feature branding from the breached organization.
- Embedded link in Visio: Attackers include a clickable link within the Visio file, usually disguised as a “View Document” button. Users are instructed to press the Ctrl key and click, a subtle prompt that circumvents automated security tools.
When users comply, they are redirected to a fake Microsoft login page, where their credentials are stolen.
Growing Trend of Phishing Attacks Using Trusted Platforms
Perception Point has recently recorded a notable increase in Visio-based phishing attempts, a stark deviation from the usual methods involving more familiar file types.
According to the security firm, this tactic highlights the shift towards trusted platforms like SharePoint and Visio, which attackers manipulate to add layers of deception and reduce detection rates.
Acknowledging the issue, Microsoft has recently emphasized the need for heightened awareness around the use of its tools in phishing scams.
“Microsoft’s recent acknowledgment of the misuse of their services in phishing campaigns underscores a worrying trend: two-step phishing attacks leveraging trusted platforms and file formats like SharePoint and Visio are becoming increasingly common,” Perception Point warned.
“These multi-layered evasion tactics exploit user trust in familiar tools while evading detection by standard email security platforms.”
To protect against threats like this, firms and individuals should adopt key security practices: verify the sender’s identity before opening attachments, enable multi-factor authentication to secure accounts and conduct regular cybersecurity training to help users recognize phishing tactics.
Additionally, implementing advanced email security solutions that monitor unusual file types, like Visio files, can provide an extra layer of protection against evolving phishing schemes.
Source: https://www.infosecurity-magazine.com/news/microsoft-visio-files-phishing