Microsoft Visio Files Used in Sophisticated Phishing Attacks

Security researchers have identified a surge in two-step phishing attacks leveraging Microsoft Visio files. Perception Point has discovered that attackers are using the .vsdx format, commonly used for business diagrams, to disguise malicious URLs and bypass traditional security scans.

The new attacks take advantage of users’ trust in Microsoft tools by embedding URLs within Visio files. Unlike common attachments such as PDFs or Word documents, Visio files are rarely flagged as threats, making them an ideal vehicle for delivering phishing links.

Here’s how the attack works:

1. Compromised accounts: Attackers gain control of email accounts and send phishing emails from real, trusted accounts.
2. Email content: The email contains a .vsdx file or an .eml file attachment, appearing as legitimate documents like proposals or purchase orders.
3. Visio file delivery: Clicking on the email link leads to a Microsoft SharePoint page hosting the Visio file, which may feature branding from the breached organization.
4. Embedded link in Visio: Attackers include a clickable link within the Visio file, usually disguised as a “View Document” button. Users are instructed to press the Ctrl key and click, a subtle prompt that circumvents automated security tools.
5. Credential theft: When users comply, they are redirected to a fake Microsoft login page, where their credentials are stolen.

Microsoft has recently acknowledged the misuse of its services in phishing scams, highlighting a worrying trend towards trusted platforms like SharePoint and Visio being exploited for deception.

To protect against such threats, firms and individuals should adopt key security practices, including verifying sender identities, enabling multi-factor authentication, conducting regular cybersecurity training, and implementing advanced email security solutions that monitor unusual file types.

Source: https://www.infosecurity-magazine.com/news/microsoft-visio-files-phishing