
Phishing campaign bypasses security with corrupt Word documents

Corrupt Office Documents Used in Sneaky New Phishing Attack Targeting US Workers

A sophisticated phishing campaign is exploiting a loophole in Microsoft Word to trick American workers into divulging sensitive information. Cybersecurity researchers at Any.Run recently uncovered this novel tactic, which uses cleverly disguised, corrupted Word documents to bypass most email security filters.

The scheme preyed on employees’ anticipation of salary and bonus information. The emails, designed to appear legitimate and originating from payroll or HR departments, contained attachments seemingly related to these topics. Upon opening, these attachments would trigger a warning from Microsoft Word, indicating that the document was corrupted and contained unreadable content.

What sets this phishing attack apart is the attackers’ manipulation of the Word document’s corruption. The damage is skillfully engineered to allow Word to easily restore the file, after which a message prompts the user to scan a QR code within the document. This QR code, disguised as a link to further bonus information, actually redirects unsuspecting employees to a fake Microsoft login page, a classic phishing tactic designed to steal usernames and passwords.

"Although these files operate successfully within the OS, they remain undetected by most security solutions due to the failure to apply proper procedures for their file types," explained Any.Run. This vulnerability highlights a critical crack in defenses, as even reputable antivirus software struggles to identify the threat.

The campaign’s success underscores the adaptability of cybercriminals. "These files were uploaded to VirusTotal, but all antivirus solutions returned ‘clean’ or ‘Item Not Found’ as they couldn’t analyze the file properly," continued Any.Run. This vulnerability allows the attacks to go largely undetected, emphasizing the need for heightened vigilance.

"Although no malicious code was attached to the documents, which only show a QR code," said Any.Run, highlighting the cunning nature of the attack.
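A mail-gateway check for the gap described above, as an added example that is not code from Any.Run or from this article: an attachment with a Word extension that fails strict parsing is flagged rather than passed as clean. It assumes the damage leaves the ZIP container unparseable while the OOXML parts remain in the bytes; `classify_attachment`, `build_sample_docx` and the sample data are hypothetical and constructed here.

```python
import io
import zipfile
import zlib

OFFICE_EXTS = (".docx", ".docm", ".dotx")
LOCAL_HEADER = b"PK\x03\x04"  # ZIP local file header signature
OOXML_PARTS = (b"[Content_Types].xml", b"word/document.xml")


def classify_attachment(filename: str, data: bytes) -> str:
    """Return 'not-office', 'ok', 'not-ooxml', 'recoverable-corrupt' or 'unparseable'."""
    if not filename.lower().endswith(OFFICE_EXTS):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            if zf.testzip() is None:  # every member's CRC checks out
                has_types = "[Content_Types].xml" in zf.namelist()
                return "ok" if has_types else "not-ooxml"
    except (zipfile.BadZipFile, zlib.error, EOFError, OSError):
        pass  # strict parsing failed; fall through to the raw-byte check
    # Assumption: a file Word can repair still carries ZIP local headers
    # and OOXML part names, even though the container no longer parses.
    if LOCAL_HEADER in data and any(p in data for p in OOXML_PARTS):
        return "recoverable-corrupt"  # quarantine instead of passing as clean
    return "unparseable"


def build_sample_docx() -> bytes:
    """Constructed sample: a minimal OOXML-like ZIP built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
    return buf.getvalue()


if __name__ == "__main__":
    good = build_sample_docx()
    broken = good[:-22]  # constructed damage: drop the end-of-central-directory record
    for name, blob in (("bonus.docx", good), ("bonus.docx", broken)):
        print(name, len(blob), classify_attachment(name, blob))
```

Treating "could not parse" as its own verdict, separate from "clean", is the point: the scan results quoted above came back clean or not found because the file could not be analyzed.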

Fortunately, basic security measures can still provide protection against this sophisticated threat. Experts advise being wary of emails from unknown senders, particularly those containing attachments. "If you receive an e-mail from an unknown sender, mainly if it contains attachments, delete it immediately or consult with a network administrator before opening it," advise cybersecurity experts.

Remember, staying informed about the latest phishing schemes and practicing cautious online behavior are the best defenses against becoming a victim.
