Cybercriminals have devised a new phishing tactic to bypass email security systems using intentionally damaged Microsoft Word files. These files exploit a vulnerability in email security tools to deliver malicious content undetected.
Fraudsters distribute such files as email attachments, cybersecurity experts from Any.Run report. Attachments in phishing emails typically include malicious files, links, or downloads that are scanned by security tools before reaching users. However, if a file is damaged, these tools cannot properly analyze it and fail to flag it as harmful.
How the Attack Works
Intentionally damaged Word files are designed to evade detection. While email security systems struggle to analyze them, Word can restore these files without issues. Once restored, the malicious content, such as a QR code leading to a fake Microsoft 365 login page, becomes accessible to the victim. The campaign’s primary goal is to steal credentials for cloud services.
According to experts, these files remain undetected on operating systems and evade most security tools, including VirusTotal, where antivirus solutions mark them as “clean” or “not found.” This makes them highly effective for phishing campaigns.
How to Protect Yourself
To safeguard against this type of attack, cybersecurity experts advise being cautious with incoming emails and attachments, adds NIXSolutions. Always scrutinize unfamiliar files, especially if they require restoration, and rely on your instincts if something seems suspicious. We’ll keep you updated as more protective measures against such tactics become available.
By staying alert and informed, you can reduce the risk of falling victim to these sophisticated phishing schemes.