A novel phishing operation is actively exploiting Microsoft’s Word file delivery feature by sending corrupted Word documents as email attachments.
Reports revealed that the damaged Word file lets its operators bypass security tools because the file is classified as damaged, yet the application can still recover it.
Threat actors are constantly developing new methods to circumvent email security technologies to get their phishing emails into their targets’ inboxes.
The new phishing attack utilised deliberately corrupted Word documents that have subjects related to salary and HR.
According to investigations, the new phishing campaign takes advantage of specially crafted corrupted Word documents to lure and infect victims. In addition, these emails commonly use subject lines that reference payroll and human resources departments to deceive recipients.
These attachments also cover various topics that would benefit employees, like bonuses, to increase the chances of recipients accessing them. Once a user opens the file, MS Word detects that it is corrupted and indicates that it “found unreadable content” in it, prompting recipients to recover it.
These phishing documents are corrupted in a way that lets them be quickly recovered. Once recovered, they present a document instructing the victim to scan a QR code to receive a copy. However, scanning the QR code takes the user to a phishing site that claims to be a Microsoft login page. The site seeks to steal the user’s credentials.
The primary purpose of this phishing campaign is common to similar operations. Still, using damaged Word documents is a new method for avoiding detection.
Furthermore, although these files usually function within the OS, most security solutions fail to detect them because the procedures required for their file types are not followed. These attachments have been relatively effective in achieving their objective, possibly because the documents contain no dangerous code and only display a QR code.
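One way a mail filter could treat a damaged attachment as a signal instead of skipping it, shown as an added example that is not from the original article or any vendor's product. It assumes the attachment is a .docx (an OOXML ZIP package); the function names, verdict strings and sample bytes are constructed for illustration.

```python
import io
import zipfile

LOCAL_HEADER = b"PK\x03\x04"  # signature that starts every ZIP member
REQUIRED_PARTS = ("[Content_Types].xml", "word/document.xml")


def triage_docx(data: bytes) -> str:
    """Classify the bytes of an attachment named *.docx (hypothetical helper).

    ok        - clean ZIP container holding the parts a Word package needs
    damaged   - ZIP member headers are present but the container is broken
    not_ooxml - not a Word package at all
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as package:
            bad_member = package.testzip()  # re-reads each member, checks CRCs
            names = set(package.namelist())
    except Exception:  # any parse failure is the signal we care about
        return "damaged" if LOCAL_HEADER in data else "not_ooxml"
    if bad_member is not None or not data.startswith(LOCAL_HEADER):
        return "damaged"  # CRC mismatch, or stray bytes before the first member
    if not all(part in names for part in REQUIRED_PARTS):
        return "not_ooxml"
    return "ok"


def build_sample_package() -> bytes:
    """Constructed sample: a minimal package with only the two checked parts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as package:
        package.writestr("[Content_Types].xml", "<Types/>")
        package.writestr("word/document.xml", "<document/>")
    return buf.getvalue()


if __name__ == "__main__":
    good = build_sample_package()
    samples = {  # all sample bytes below are constructed for this example
        "intact.docx": good,
        "cut_short.docx": good[:-30],             # tail of the container missing
        "stray_prefix.docx": b"\0" * 16 + good,   # bytes before the first header
        "renamed.docx": b"plain text, not a package",
    }
    for name, blob in samples.items():
        verdict = triage_docx(blob)
        action = "hold for review" if verdict == "damaged" else "normal scanning"
        print(f"{name:18} {verdict:10} {action}")
```

A "damaged" verdict on an inbound attachment is a reason to hold the message for review, since a scanner that cannot parse the file has not actually inspected it.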
Despite this new phishing campaign’s unique strategy, users should be able to negate its effectiveness if they follow the general principles for defending against phishing attempts. Lastly, employees who receive emails that contain subjects like bonuses and benefits from an unknown sender should delete them immediately or check with a network administrator before opening them to avoid falling victim to such scams.
