- Crooks are embedding malicious links in Microsoft Visio files
- The files are distributed via compromised email accounts
- The goal of the campaign is to steal Microsoft 365 login credentials
Security researchers from Perception Point have spotted a new two-step phishing campaign aiming to steal people’s Microsoft 365 login credentials. It includes compromised email accounts, compromised SharePoint accounts, and some convincing – but fake – purchase orders.
The attack starts with a hacked Microsoft SharePoint account, to which the criminals upload a file created in Microsoft Visio, the company’s tool for making professional diagrams and charts, which saves files with the .VSDX extension.
The crooks embed a malicious URL in this file that leads to a fake Microsoft 365 login page. Victims who make it this far usually try to log into their accounts, thus sharing the login credentials with the attackers.
Abusing people’s email accounts
Then, the attackers would compromise someone’s email account, and use it to distribute the phishing messages. Since these emails would be coming from otherwise legitimate sources, they are very likely to make it past any email security protections. The body of the message itself is your usual phishing content, sharing a fake purchase order, or something similar.
In some cases, the crooks would also share another email message as an attachment (.EML files), all in an attempt to hide the malicious intent lurking in the SharePoint account. When it comes to obfuscation, the crooks added another layer in the Visio file itself – the call to action leading to the fake login page can only be clicked while holding the Control (CTRL) button on the…
Read full post on Tech Radar