b2b-daily
Home | IT | Cyber Security

New Phishing Tactic Exploits Visio and SharePoint to Steal Credentials

Avatar photo
by Tailor Jackson
November 13, 2024
New Phishing Tactic Exploits Visio and SharePoint to Steal Credentials

The ever-evolving landscape of cybersecurity has presented users with a new and sophisticated phishing technique that exploits Microsoft Visio and SharePoint to perpetrate a two-step phishing attack. This method underscores the rapid advancements in phishing tactics by taking advantage of the inherent trust users place in widely used Microsoft tools, effectively bypassing standard security measures to steal credentials.

The attack begins with cybercriminals using compromised email accounts to send out seemingly legitimate emails, often disguised as business proposals or purchase orders. These emails contain links to Microsoft Visio (.vsdx) files hosted on SharePoint, a file format typically employed for professional flowcharts and diagrams. Upon clicking the link, users are directed to a SharePoint page containing the malicious Visio file. The file prompts users to click a "View Document" button while holding down the Ctrl key, a technique designed to circumvent automated security scans by requiring human interaction.

Once users follow these instructions, they are redirected to a fraudulent Microsoft 365 login page where their credentials are stolen if entered. This multi-layered attack leverages legitimate Microsoft services and compromised email accounts to enhance its authenticity, making it a particularly deceptive and effective phishing method. Researchers from Perception Point have noted a significant increase in Visio-based phishing attacks, impacting hundreds of organizations worldwide. One reason for their effectiveness is that Visio files are less likely to trigger alerts from traditional security systems compared to more common file types like PDFs or Word documents.

In response to this growing threat, Microsoft has acknowledged the rising misuse of its services in phishing campaigns, highlighting the pressing need for heightened vigilance. To counter these evolving threats, experts recommend verifying the identities of email senders, enabling multi-factor authentication, and deploying advanced email security solutions capable of detecting unusual file types and behaviors. This new threat serves as a stark reminder of the ongoing need for user education and robust multi-layered security defenses in an increasingly complex cyber threat landscape.

Information SecurityMicrosoft

Explore more

The Institutional Layer Drives Global AI Innovation
June 3, 2026

Technological history demonstrates that writing massive checks for research often fails to ignite industrial revolutions when the structural plumbing required to move ideas from whiteboards to production lines remains broken or nonexistent. In the current global race for artificial intelligence supremacy, nations are pouring trillions of dollars into compute clusters and research grants, yet the mere accumulation of capital does

Human Curation Prevents AI Customer Service Failures
June 3, 2026

The rapid integration of generative artificial intelligence into the front lines of customer support has frequently resulted in a series of highly publicized and embarrassing technological hallucinations that could have been avoided with proper human oversight. As enterprises move deeper into 2026, the initial novelty of automated chatbots has been replaced by a rigorous demand for reliability and accuracy that

Is Customer Experience the New Search Engine Optimization?
June 3, 2026

Digital landscapes have transformed so radically that a perfectly optimized website no longer guarantees a single visitor if the underlying service fails to impress the silent algorithms watching every interaction. In the current marketplace, the meticulous curation of meta tags and backlink profiles has surrendered its dominance to a much more elusive and human metric: the lived experience of the

Can a Fiduciary Framework Secure Government Data and AI?
June 3, 2026

The startling collapse of confidence among state-level cybersecurity leaders reveals that the traditional philosophy of building taller digital walls around centralized government data repositories has reached a breaking point. Currently, the landscape of public sector data management is undergoing a severe identity crisis. While technological capabilities have expanded exponentially, the ability of state agencies to safeguard the very information that

Unifying File and Object Storage Solves AI Data Bottlenecks
June 3, 2026

The relentless appetite of modern GPU clusters has transformed storage from a background utility into a critical performance governor that determines the success of enterprise artificial intelligence initiatives. While raw compute power continues to scale at an impressive rate, the infrastructure responsible for feeding these hungry processors remains mired in architectural silos. This mismatch has birthed the paradox of the