New “2SP” Phishing Attacks Leverage SVG and Visio Files to Evade Detection

by Justin Erickson

Cybersecurity researchers are warning of a new wave of “2SP” (Two-Step Phishing) attacks that use SVG (Scalable Vector Graphics) file attachments to bypass traditional email security filters. These files contain embedded links or malicious scripts that redirect users to phishing sites designed to harvest login credentials or distribute malware. The sophisticated attacks highlight a growing trend in phishing tactics, exploiting design tools and file formats to evade detection. This emphasizes the importance of multi-factor authentication (MFA) as a critical defense, alongside employee training to recognize suspicious attachments and links. Organizations are urged to reinforce their email security measures to mitigate these evolving threats.