Is There a New Phishing Attack Through Word Documents?

Posted on:

August 2, 2021

From Amazon phishing scams to Google Docs phishing scams, it is starting to feel like the internet is a very dangerous place these days. When scrolling through your inbox, it is almost impossible to avoid phishing scams, viruses, and spam, so much so that using your personal email can be challenging. According to researchers at McAfee, we have to be aware of another phishing scam through Microsoft Word documents.

When cybercriminals attempt to hack you through Microsoft Word documents, it is through malware, a software that is intentionally designed to cause damage to a computer, server, client, or computer network that does not have any malicious code. When you have been targeted with a Microsoft Word phishing attack, it is important to be aware of what their tactics will look like. When you’ve fallen victim of this specific scam, it will look something like this:

First, you will receive an email with malware through a Microsoft Word document as an attachment. When the word document is opened and the macros are enabled, the document will then download and open another password-protected Microsoft Excel document. When this happens, the Word document will disable the excel macro warning and instead use the malicious macro to download the Zloader payload which will then be executed using the infamous: “rundll32[dot]exe.”

It is important to note that once this happens, the cyber criminal will have complete access to your account and will hijack it by tricking more users into further spreading their malware.

Fortunately, there are three simple steps to ensure that your account will be safe and away from the hands of cybercriminals such as:

Do not open any files and be extremely selective about what attachments to open
Disable and never enable macros unless it is from a trusted source
Update Microsoft Office regularly to automatically enforce safety protocols

While it may not seem like it, the internet can be a very dangerous place. However, there is no need to be a tech-savvy genius to protect yourself from the dark pits of the internet. When you are scrolling through your inbox and find an email that you are not familiar with, always remember: think before you click.