New Phishing Attack Targets Microsoft Visio and SharePoint

New Two-Step Phishing Attack Targets Microsoft Visio and SharePoint. Researchers at Perception Point have uncovered a sophisticated phishing technique that utilizes Microsoft Visio files (.vsdx) to embed malicious URLs, effectively bypassing traditional security measures. This two-step attack begins with compromised email accounts sending urgent messages that appear legitimate, leading users to a SharePoint-hosted Visio file. Within the file, attackers insert deceptive links that redirect users to counterfeit Microsoft 365 login pages, designed to capture sensitive credentials. The rise of such tactics underscores the need for enhanced cybersecurity awareness and protective measures against evolving phishing schemes.