Beware that corrupted email attachment: It could be a scam

You’re browsing through your inbox when you notice an important email with a Word document attached. It could be an invoice, a note from a supplier, or a request from a colleague. You open it without a second thought… and just like that, you’ve fallen victim to a scam.

This is precisely the type of situation cyber criminals rely on. They’ve devised yet another method to bypass even the most sophisticated email security filters – this time, by using corrupted Microsoft Word files.

It’s a crafty and hazardous strategy.

Phishing (pronounced "fishing") involves scammers attempting to deceive you into revealing sensitive information, such as passwords or bank details. They “lure” you with an email that appears legitimate, possibly from your bank, a colleague, or a trusted company.

These emails frequently contain attachments or links. Opening the attachment or clicking the link might result in downloading malicious software (malware) or visiting a fraudulent website designed to steal your information.

Phishing attacks are continually advancing, and they’ve become one of the most prevalent methods scammers use to infiltrate businesses. Email security filters are generally effective at scanning attachments. However, because corrupted files can’t be properly analyzed, the Word file can slip into your inbox.

When you open one of these corrupted files, Microsoft Word will “repair” it and display what appears to be a regular attachment. Yet, the document may contain a malicious QR code or link directing you to a phishing site (often a fake Microsoft 365 login page). If you input your details, scammers could gain access to your account – and potentially your entire business.

Acquiring just one employee’s login information can be sufficient. With access to your cloud systems, scammers could obtain sensitive customer data, block your team from essential files, or even send phishing emails from your account to deceive your contacts.

If this occurs, it could be disastrous. Your business might suffer financial losses, legal repercussions, and a tarnished reputation that could take a long time to restore.

Cyber attacks are becoming more sophisticated. However, you don’t need a cyber security degree to help protect your business.

The best defense is awareness and caution.

Here are some actions you can take:

·         Pause and think twice before opening attachments or clicking on links

·         Be wary if an email seems urgent – scammers often try to rush you into acting without thinking

·         If you’re uncertain about an email’s legitimacy, verify with the person or company it appears to be from

·         Never trust an attachment or link merely because it looks professional

Most importantly, ensure that you and your team are informed about what phishing is, why it’s dangerous, and how to identify the warning signs.

We assist businesses like yours with this every day. If you’d like our help too, feel free to contact us.