New Phishing Scam Uses Microsoft Tools to Bypass Security Defenses

As businesses strengthen their cybersecurity defenses against phishing attacks, cybercriminals are evolving their tactics to stay ahead. A new phishing scam is exploiting Microsoft tools in a sophisticated two-step process, bypassing traditional security measures and tricking users into handing over credentials.

Understanding how this attack works and implementing proactive security measures can help protect your business from falling victim to these evolving threats.

How This New Phishing Scam Exploits Microsoft Tools

Most organizations use a combination of email security tools and employee training to identify and block phishing emails. However, hackers are now using Microsoft’s own trusted platforms—such as SharePoint and Visio—to make their attacks look more legitimate and evade security controls.

The Two-Step Phishing Tactic

This latest phishing scam doesn’t deliver malware or phishing links directly through email, which many security filters would detect. Instead, attackers use a two-step approach:

  1. Compromised Email Accounts – Hackers send phishing emails from legitimate but compromised accounts, making them appear more trustworthy. These emails often create a sense of urgency, encouraging the recipient to act quickly.
  2. Malicious SharePoint or Visio Links – Instead of including a direct phishing link, the email contains a Microsoft SharePoint file or Visio document. Once the victim clicks the file, they are led to a fake login page or a hidden malware installer.

To further evade security tools, hackers embed clickable buttons within Visio files and instruct users to hold the CTRL key while clicking the link—bypassing automated security checks and directly launching the attack.

Why This Phishing Scam Is So Dangerous

Hackers have long relied on social engineering to manipulate victims, but this new phishing scam is especially dangerous because:

  • It leverages trusted Microsoft platforms, making it harder to detect.
  • It bypasses traditional email security filters by using compromised accounts to send the messages.
  • It tricks users into manual overrides, like holding down the CTRL key, which prevents automated security tools from flagging the attack.
  • It can result in multiple security breaches, including credential theft and malware infections.

Once a hacker gains access to a victim’s Microsoft 365 account, they can use the stolen credentials to launch more sophisticated attacks, install malware, or exfiltrate sensitive company data.

How to Protect Your Business from Phishing Scams

The best way to safeguard your company against this evolving phishing scam is to take a multi-layered security approach. Here’s what experts recommend:

Invest in Advanced Threat Detection

  • Use security solutions that analyze links and attachments for suspicious behavior.
  • Deploy email filters that can detect anomalies in sender behavior and messages from flagged domains.

Implement Strong Authentication Measures

  • Require multifactor authentication (MFA) to prevent unauthorized access, even if credentials are stolen.
  • Consider conditional access policies that monitor login patterns and flag suspicious activity.

Train Employees to Recognize Phishing Attempts

  • Educate teams about the latest phishing tactics, including urgent action emails and malicious Microsoft links.
  • Encourage employees to verify unexpected emails with IT before clicking any links or opening attachments.

Keep Systems and Software Updated

  • Regularly update Microsoft 365, SharePoint, and security tools to patch vulnerabilities.
  • Perform routine data backups to mitigate damage from ransomware or data loss.

FAQs About This Phishing Scam

1. How can I tell if an email is part of a phishing scam?

Look for unexpected attachments or links, urgent language, and minor email address variations. If an email seems unusual, confirm its legitimacy with the sender through another channel.

2. Why does holding the CTRL key bypass security?

Holding the CTRL key while clicking a link overrides Microsoft’s built-in security protections, allowing hackers to execute malicious commands without being blocked.

3. What should I do if I suspect a phishing attempt?

Do not click any links or open attachments. Report the email to your IT team, block the sender, and encourage company-wide security training to prevent future incidents.


Contact CTTS today for IT support and managed services in Austin, TX. Let us handle your IT so you can focus on growing your business. Visit CTTSonline.com or call us at (512) 388-5559 to get started!