b2b-daily
Home | IT | Cyber Security

New Phishing Tactic Exploits Visio and SharePoint to Steal Credentials

Avatar photo
by Tailor Jackson
November 13, 2024
New Phishing Tactic Exploits Visio and SharePoint to Steal Credentials

The ever-evolving landscape of cybersecurity has presented users with a new and sophisticated phishing technique that exploits Microsoft Visio and SharePoint to perpetrate a two-step phishing attack. This method underscores the rapid advancements in phishing tactics by taking advantage of the inherent trust users place in widely used Microsoft tools, effectively bypassing standard security measures to steal credentials.

The attack begins with cybercriminals using compromised email accounts to send out seemingly legitimate emails, often disguised as business proposals or purchase orders. These emails contain links to Microsoft Visio (.vsdx) files hosted on SharePoint, a file format typically employed for professional flowcharts and diagrams. Upon clicking the link, users are directed to a SharePoint page containing the malicious Visio file. The file prompts users to click a "View Document" button while holding down the Ctrl key, a technique designed to circumvent automated security scans by requiring human interaction.

Once users follow these instructions, they are redirected to a fraudulent Microsoft 365 login page where their credentials are stolen if entered. This multi-layered attack leverages legitimate Microsoft services and compromised email accounts to enhance its authenticity, making it a particularly deceptive and effective phishing method. Researchers from Perception Point have noted a significant increase in Visio-based phishing attacks, impacting hundreds of organizations worldwide. One reason for their effectiveness is that Visio files are less likely to trigger alerts from traditional security systems compared to more common file types like PDFs or Word documents.

In response to this growing threat, Microsoft has acknowledged the rising misuse of its services in phishing campaigns, highlighting the pressing need for heightened vigilance. To counter these evolving threats, experts recommend verifying the identities of email senders, enabling multi-factor authentication, and deploying advanced email security solutions capable of detecting unusual file types and behaviors. This new threat serves as a stark reminder of the ongoing need for user education and robust multi-layered security defenses in an increasingly complex cyber threat landscape.

Information SecurityMicrosoft

Explore more

AI Human Resources Integration – Review
March 23, 2026

The rapid transition of the human resources department from a back-office administrative hub to a high-tech nerve center has fundamentally altered how organizations perceive their most valuable asset: their people. While the promise of efficiency has always been the primary driver of digital adoption, the current landscape reveals a complex interplay between sophisticated algorithms and the indispensable nature of human

Is Your Organization Hiring for Experience or Adaptability?
March 23, 2026

The standard executive recruitment model has historically prioritized candidates with decades of specialized industry tenure, yet the current economic volatility suggests that a reliance on past success is no longer a reliable predictor of future performance. In 2026, the global marketplace is defined by rapid technological shifts where long-standing industry norms are frequently upended by generative AI and decentralized finance

OpenAI Challenge Hiring – Review
March 23, 2026

The traditional resume, once the golden ticket to high-stakes employment, has officially entered its obsolescence phase as automated systems and AI-generated content saturate the labor market. In response, OpenAI has introduced a performance-driven recruitment model that bypasses the “slop” of polished but hollow applications. This shift represents a fundamental pivot toward verified capability, where a candidate’s worth is measured not

How Do Your Leadership Signals Affect Team Performance?
March 23, 2026

The modern corporate landscape operates within a state of constant flux where economic shifts and rapid technological integration create an environment of perpetual high-stakes decision-making. In this atmosphere, the emotional and behavioral cues projected by executives do not merely stay within the confines of the boardroom but ripple through every level of an organization, dictating the collective psychological state of

Restoring Human Choice to Counter Modern Management Crises
March 23, 2026

Ling-yi Tsai, an organizational strategy expert with decades of experience in HR technology and behavioral science, has dedicated her career to helping global firms navigate the friction between technological efficiency and human potential. In an era where data-driven decision-making is often mistaken for leadership, she argues that we have industrialized the “how” of work while losing sight of the “why.”