This devious two-step phishing campaign uses Microsoft tools to bypass email security


  • Two-step phishing evades security with user-triggered actions
  • Fake Microsoft portals harvest sensitive login credentials fast
  • Advanced threat detection is key to fighting phishing

A two-step phishing attack is leveraging Microsoft Visio files (.vsdx) and SharePoint, marking a new chapter in cyber deception, experts have warned.

Perception Point’s security researchers reported a dramatic increase in attacks leveraging .vsdx files.

These files, which were rarely used in phishing campaigns until now, are used as a delivery mechanism, with victims being redirected to phishing pages mimicking Microsoft 365 login portals, designed to steal user credentials.

Phishing exploits trusted platforms

Two-step phishing attacks layer malicious actions to evade detection. Instead of delivering harmful content directly, these campaigns rely on trusted platforms like Microsoft SharePoint to host seemingly legitimate files.

The attackers embed URLs within Microsoft Visio files that direct victims to malicious websites when clicked. This layered approach makes detection by traditional email security systems more challenging.

Microsoft Visio, a widely used tool for creating professional diagrams, has become a new vector for phishing. Attackers use compromised accounts to send emails containing Visio files that appear to originate from trusted sources, often mimicking urgent business communications, like proposals or purchase orders, to prompt immediate action.

As the attackers use stolen accounts, these emails often pass authentication checks and are more likely to bypass recipient security systems. In some instances, the attackers include .eml files within the emails, further embedding malicious URLs that lead to SharePoint-hosted files.

The attackers embed a clickable button inside the Visio file, typically labelled "View Document." To access the malicious URL, victims are instructed to hold down the Ctrl key and click the button. This interaction, requiring a manual user action, bypasses automated security systems that cannot replicate such behaviors.

To mitigate risks posed by such sophisticated phishing campaigns, Perception Point recommends organizations adopt advanced threat detection solutions, including dynamic URL analysis to identify malicious links, object detection models to flag suspicious files, and authentication mechanisms to minimize the impact of breached accounts.

Efosa Udinmwen
Freelance Journalist
