Security researchers have identified a new wave of phishing attacks that cleverly exploit Microsoft Visio files to bypass security systems. Perception Point, the cybersecurity firm behind the discovery, found that these attacks rely on Visio’s .vsdx format, a file type commonly used for creating business diagrams. By embedding phishing URLs within these files, attackers deceive users and slip past traditional security scans.
Typically, users associate Microsoft Visio with legitimate tasks, like making flowcharts or network diagrams, not with phishing. Cybercriminals are using this familiarity to their advantage. Unlike more common phishing attachments such as PDFs or Word documents, Visio files are not routinely flagged as suspicious, making them an ideal carrier for malicious links.
Let us understand how the attack unfolds. Attackers first gain control of a legitimate email account and then send phishing emails from that account to add credibility. The email includes a Visio (.vsdx) file or a .eml file attachment labeled as routine documents like “proposal” or “purchase order.” When the recipient opens it, they are led to a Microsoft SharePoint page hosting the Visio file, which often displays branding from the compromised organization to appear authentic.
Inside the Visio file is a hidden, clickable link, usually masked with a “View Document” button. When the user presses Ctrl and clicks, they are redirected to a counterfeit Microsoft login page, where their credentials are captured.
Imagine you are wrapping up for the day when an email from HR pops up. It is a “Performance Review” document sent as a Visio file. Intrigued, you click, expecting to find your annual review. Instead, you are directed to a webpage that looks just like the company portal login. But this page is a decoy, waiting to capture your login info the moment you press “Enter.” This innocent click just unlocked a cybercriminal’s backdoor to your account.
Phishing scams are getting sneakier, especially with hackers now using tools people trust, like Microsoft Visio. Cyber experts urge everyone to double-check senders, use multi-factor authentication, and stay alert to suspicious attachments to avoid falling into these traps.