Corrupt email attachments – Beware!

How often do you get attachments when you get an email? Pretty often right? Whether it be an invoice, a quote, a message from a supplier or any number of other things. Attachments are a normal part of business. Well this is what cybercriminals want you to think too – to open the attachment without really thinking and bam! You have been scammed with a corrupt attachment.

You might be thinking ‘hang on what about email security filters?’ Cyber criminals have found a new way around these filters by using corrupted Microsoft Word files. It is a clever and dangerous tactic.

This scam falls under the ‘phishing’ umbrella. This is where scammers try to trick you into giving away sensitive information such as passwords and bank details. They ‘bait’ you with an email that looks real, from your bank, co-worker or a company you trust. These emails often include attachments or links. When you open the attachment or click the link, you could be downloading malware or visiting a fake website (that looks real) that is specifically designed to steal your information.

Phishing attacks are constantly evolving, and they are now one of the most common ways scammers break into businesses. Email security filters are usually pretty good at scanning attachments, but since corrupted files cannot be analysed properly, the Word file is able to sneak into your inbox.

When you then open one of these corrupted files, Microsoft Word will ‘repair’ it and show you what looks like a normal attachment, but the document will contain a malicious QR code or link that sends you to a phishing site (often a fake Microsoft 365 login page). If you enter your details into this page the scammers then have access to your account – and possibly your entire business.

Stealing just one employee’s login details can be enough. With access to your cloud systems, scammers could get hold of sensitive customer data, lock your tea out of essential files, or even send phishing emails from your account to trick your contacts. If this happened to you it could be catastrophic to your business.

The best protection is awareness and caution. Here are some steps you can take;

• Think twice before opening an attachment. Is it from someone you trust? Double check the email address.
• If an email seems urgent, beware – scammer like to rush you so that you will act without thinking.
• If you are not sure and email is legitimate, check with the company or person that it seems to be sent from.
• Never trust an attachment link just because it looks professional.

Make sure to educate yourself and your team about phishing attacks. You can also check out our free Email Hijack Ebook!

If you have any questions, concerns, or need any advice, get in touch!