close
close
news

Microsoft Visio files used to conduct dangerous phishing attacks


  • Scammers integrate malicious links into Microsoft Visio files
  • The files are distributed via compromised email accounts
  • The goal of the campaign is to steal Microsoft 365 credentials

Security researchers at Perception Point have discovered a new two-step phishing campaign that aims to steal people’s Microsoft 365 credentials. It includes compromised email accounts, compromised SharePoint accounts, and some convincing (but fake) purchase orders.

The attack starts with a compromised Microsoft SharePoint account, where the criminals upload a file using Microsoft Visio – the company’s tool for creating professional charts and diagrams, creating files with the .VSDX extension.

Related Articles

Back to top button