- Two-step phishing bypasses security with user-triggered actions
- Fake Microsoft portals quickly collect sensitive login credentials
- Advanced threat detection is key to combating phishing
A two-step phishing attack leverages Microsoft Visio (.vsdx) and SharePoint files, marking a new chapter in cyber deception, experts have warned.
Security researchers at Perception Point reported a dramatic increase in attacks leveraging .vsdx files.
These files, which until now were rarely used in phishing campaigns, are used as a delivery mechanism, and victims are redirected to phishing pages that mimic Microsoft 365 login portals, designed to steal user credentials.
Phishing exploits trusted platforms
Two-step phishing attacks layer malicious actions to evade detection. Instead of delivering harmful content directly, these campaigns rely on trusted platforms like Microsoft SharePoint to host seemingly legitimate files.
Attackers embed URLs in Microsoft Visio files that direct victims to malicious websites when clicked. This layered approach makes detection by traditional email security systems more challenging.
Microsoft Visio, a tool widely used to create professional diagrams, has become a new vector for phishing. Attackers use compromised accounts to send emails containing Visio files that appear to come from trusted sources, often mimicking urgent business communications, such as proposals or purchase orders, to prompt immediate action.
Because attackers use stolen accounts, these emails typically pass authentication checks and are more likely to bypass recipients’ security systems. In some cases, attackers include .eml files in emails, also embedding malicious URLs that lead to files hosted on SharePoint.
Attackers embed a clickable button within the Visio file, typically called “View Document.” To access the malicious URL, victims are instructed to hold down the Ctrl key and click the button. This interaction, which requires manual action from the user, bypasses automated security systems that cannot replicate such behaviors.
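The link behind such a button is stored as data inside the .vsdx package (a ZIP of XML parts), so a static pass can list it for URL analysis without reproducing the Ctrl+click. The sketch below is an added example, not code from Perception Point or the original article; it assumes the URL is stored either as a ShapeSheet `Address` cell or as an external package relationship, and the sample file and its URL are constructed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

MAX_PART_BYTES = 5 * 1024 * 1024  # ignore oversized parts (zip-bomb guard)
VISIO_NS = "http://schemas.microsoft.com/office/visio/2012/main"
RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"

def extract_vsdx_urls(data):
    """Return sorted (part, url) pairs for external links stored in a .vsdx."""
    found = set()
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for info in pkg.infolist():
            name = info.filename
            if not name.endswith((".xml", ".rels")) or info.file_size > MAX_PART_BYTES:
                continue
            raw = pkg.read(info)
            if b"<!DOCTYPE" in raw:  # package parts should not carry a DTD
                continue
            try:
                root = ET.fromstring(raw)
            except ET.ParseError:
                continue
            # Assumed layout 1: ShapeSheet hyperlink row, <Cell N="Address" V="...">
            for cell in root.iter("{%s}Cell" % VISIO_NS):
                if cell.get("N") == "Address" and cell.get("V"):
                    found.add((name, cell.get("V")))
            # Assumed layout 2: package relationship with TargetMode="External"
            for rel in root.iter("{%s}Relationship" % RELS_NS):
                if rel.get("TargetMode") == "External":
                    found.add((name, rel.get("Target", "")))
    return sorted(found)

def build_sample_vsdx():
    """Constructed minimal package; the URL is a placeholder, not an IoC."""
    url = "https://login.example.invalid/o365"
    page = ('<PageContents xmlns="%s"><Shapes><Shape ID="1">'
            '<Text>View Document</Text><Section N="Hyperlink"><Row N="Row_1">'
            '<Cell N="Address" V="%s"/></Row></Section>'
            '</Shape></Shapes></PageContents>' % (VISIO_NS, url))
    rels = ('<Relationships xmlns="%s">'
            '<Relationship Id="rId1" Type="urn:constructed:master" Target="../masters/master1.xml"/>'
            '<Relationship Id="rId2" Type="urn:constructed:hyperlink" Target="%s" TargetMode="External"/>'
            '</Relationships>' % (RELS_NS, url))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("visio/pages/page1.xml", page)
        z.writestr("visio/pages/_rels/page1.xml.rels", rels)
    return buf.getvalue()
```

The returned URLs can then be handed to whatever reputation or dynamic URL analysis the mail pipeline already uses.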
To mitigate the risks posed by these sophisticated phishing campaigns, Perception Point recommends that organizations adopt advanced threat detection solutions, including dynamic URL analysis to identify malicious links, object detection models to flag suspicious files, and authentication mechanisms to minimize the impact of compromised accounts.