b2b-daily
Home | IT | Cyber Security

New Phishing Tactic Exploits Visio and SharePoint to Steal Credentials

Avatar photo
by Tailor Jackson
November 13, 2024
New Phishing Tactic Exploits Visio and SharePoint to Steal Credentials

The ever-evolving landscape of cybersecurity has presented users with a new and sophisticated phishing technique that exploits Microsoft Visio and SharePoint to perpetrate a two-step phishing attack. This method underscores the rapid advancements in phishing tactics by taking advantage of the inherent trust users place in widely used Microsoft tools, effectively bypassing standard security measures to steal credentials.

The attack begins with cybercriminals using compromised email accounts to send out seemingly legitimate emails, often disguised as business proposals or purchase orders. These emails contain links to Microsoft Visio (.vsdx) files hosted on SharePoint, a file format typically employed for professional flowcharts and diagrams. Upon clicking the link, users are directed to a SharePoint page containing the malicious Visio file. The file prompts users to click a "View Document" button while holding down the Ctrl key, a technique designed to circumvent automated security scans by requiring human interaction.

Once users follow these instructions, they are redirected to a fraudulent Microsoft 365 login page where their credentials are stolen if entered. This multi-layered attack leverages legitimate Microsoft services and compromised email accounts to enhance its authenticity, making it a particularly deceptive and effective phishing method. Researchers from Perception Point have noted a significant increase in Visio-based phishing attacks, impacting hundreds of organizations worldwide. One reason for their effectiveness is that Visio files are less likely to trigger alerts from traditional security systems compared to more common file types like PDFs or Word documents.

In response to this growing threat, Microsoft has acknowledged the rising misuse of its services in phishing campaigns, highlighting the pressing need for heightened vigilance. To counter these evolving threats, experts recommend verifying the identities of email senders, enabling multi-factor authentication, and deploying advanced email security solutions capable of detecting unusual file types and behaviors. This new threat serves as a stark reminder of the ongoing need for user education and robust multi-layered security defenses in an increasingly complex cyber threat landscape.

Information SecurityMicrosoft

Explore more

Transforming APAC Payroll Into a Strategic Workforce Asset
April 2, 2026

Global organizations operating across the Asia-Pacific region are currently witnessing a profound metamorphosis where payroll functions are shedding their reputation as stagnant cost centers to emerge as dynamic engines of corporate strategy. This evolution represents a departure from the historical reliance on manual spreadsheets and fragmented legacy systems that long characterized regional operations. In a landscape defined by rapid economic

Nordic Financial Technology – Review
April 2, 2026

The silent gears of the Scandinavian economy have shifted from the rhythmic hum of legacy mainframe servers to the rapid, near-invisible processing of autonomous neural networks. For decades, the Nordic banking sector was a paragon of stability, defined by a handful of conservative “high street” titans that commanded unwavering consumer loyalty. However, a fundamental restructuring of the regional financial architecture

Governing AI for Reliable Finance and ERP Systems
April 2, 2026

A single undetected algorithm error can ripple through a complex global supply chain in milliseconds, transforming a potentially profitable quarter into a severe regulatory nightmare before a human operator even has the chance to blink. This reality underscores the pivotal shift currently occurring as organizations integrate Artificial Intelligence (AI) into their core Enterprise Resource Planning (ERP) and financial systems. In

AWS Autonomous AI Agents – Review
April 2, 2026

The landscape of cloud infrastructure is currently undergoing a radical metamorphosis as Amazon Web Services pivots from static automation toward truly independent, decision-making entities. While previous iterations of cloud assistants functioned essentially as advanced search engines for documentation, the new frontier agents operate with a level of agency that allows them to own entire technical outcomes without constant human oversight.

Can Autonomous AI Agents Solve the DevOps Bottleneck?
April 2, 2026

The sheer velocity of AI-assisted code generation has created a paradoxical bottleneck where human engineers can no longer audit the volume of software being produced in real-time. AWS has addressed this critical friction point by deploying specialized autonomous agents that transition from simple script execution toward persistent, context-aware assistance. These tools emerged as a necessary counterbalance to a landscape where