New Phishing Tactic Uses Corrupted Word Docs to Steal Your Credentials – Here is what to know.

How the Attack Works

The campaign, discovered by cybersecurity firm Any.Run, uses emails that appear to come from payroll or human resources departments. These emails contain attachments with themes related to employee benefits and bonuses. When the recipient opens the attachment, Word detects that the file is corrupted and offers to recover it.

Upon recovery, the document displays a QR code, prompting the user to scan it to access the supposed full document. Scanning the QR code leads the user to a phishing website that mimics a Microsoft login page, aiming to steal the user’s credentials.

Why It’s Effective

The corrupted state of the Word documents allows them to evade detection by antivirus software and email security systems. Any.Run explains that these files remain undetected because security solutions fail to apply proper procedures for analyzing corrupted file types. When uploaded to VirusTotal, a popular online virus scanning service, the documents were flagged as “clean” or “Item Not Found” by most antivirus solutions.

Protecting Yourself

To protect against this phishing attack, it is crucial to be cautious with unsolicited emails, especially those containing attachments. If you receive an email from an unknown sender, it is best to delete it immediately or consult with a network administrator before opening any attachments.

Conclusion

While the ultimate goal of stealing login credentials is not new, the use of corrupted Word documents is a novel tactic that highlights the evolving nature of cyber threats. Users must remain vigilant and adopt best practices to safeguard their personal information from such sophisticated attacks.

You think you have a story worth everyone’s time? SUBMIT A STORY and we will publish it