{"id":52983,"date":"2024-12-23T10:30:08","date_gmt":"2024-12-23T02:30:08","guid":{"rendered":"https:\/\/www.dataplugs.com\/?p=52983"},"modified":"2024-12-23T10:30:49","modified_gmt":"2024-12-23T02:30:49","slug":"damaged-word-files-phishing-attack","status":"publish","type":"post","link":"https:\/\/www.dataplugs.com\/en\/damaged-word-files-phishing-attack\/","title":{"rendered":"New Phishing Attack: Damaged Word Files Evade Security"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">A recent discovery has unveiled a new phishing attack technique where attackers cleverly exploit Microsoft Word&#8217;s file repair feature. They use corrupted Word documents as email attachments to carry out their attacks. These documents, being in a damaged state, can evade detection by security software, but users can still repair and open them through the application.<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">Cybercriminals are continuously developing new methods to bypass email security software, ensuring that phishing emails reach their intended targets.<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">An overseas cybersecurity company has revealed this wave of new attacks, finding that attackers use deliberately damaged Word documents as attachments, disguised as emails from HR or payroll departments.<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">These malicious attachments come with various subject names, all related to employee benefits and bonuses, such as:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Annual_Benefits_&amp;_Bonus_for_[name]_IyNURVhUTlVNUkFORE9NNDUjIw_.docx<\/span><\/li>\n<\/ul>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Annual_Q4_Benefits_&amp;_Bonus_for_[name]_IyNURVhUTlVNUkFORE9NNDUjIw_.docx.bin<\/span><\/li>\n<\/ul>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span 
style=\"font-weight: 400;\">Benefits_&amp;_Bonus_for_[name]_IyNURVhUTlVNUkFORE9NNDUjIw_.docx.bin<\/span><\/li>\n<\/ul>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Due_&amp;_Payment_for_[name]_IyNURVhUTlVNUkFORE9NNDUjIw_.docx.bin<\/span><\/li>\n<\/ul>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Q4_Benefits_&amp;_Bonus_for_[name]_IyNURVhUTlVNUkFORE9NNDUjIw_.docx.bin<\/span><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">These attack documents contain a base64-encoded string &#8220;IyNURVhUTlVNUkFORE9NNDUjIw&#8221;, which decodes to &#8220;##TEXTNUMRANDOM45##&#8221;. When users open the attachment, Word displays a prompt indicating &#8220;unreadable content&#8221; and asks if they want to repair the damaged file.<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">The phishing documents are specially designed to appear damaged but can be easily repaired. Once repaired, they display a page requesting users scan a QR code to access the content. The document applies the target company&#8217;s logo to increase credibility. Users who scan the QR code are directed to a fake Microsoft login page designed to steal their credentials.<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">While phishing attacks to steal credentials are not new, using damaged Word documents to evade security detection is an innovative approach. These files can operate normally within the operating system, but security solutions cannot correctly process them, thus successfully evading detection. When these files are uploaded to VirusTotal, all antivirus software returns &#8220;clean&#8221; or &#8220;no items found&#8221; results because they cannot correctly analyze the file content.
This attack method is quite effective in achieving its goals.<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">To prevent such phishing attacks, it is essential to follow basic cybersecurity practices. If you receive an email from an unknown sender, especially one with attachments, delete it immediately or confirm with your IT department before opening it.<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">Contact us via live chat or email <\/span><a href=\"mailto:sales@dataplugs.com\"><span style=\"font-weight: 400;\">sales@dataplugs.com<\/span><\/a><span style=\"font-weight: 400;\"> to learn more about our <\/span><a href=\"https:\/\/www.dataplugs.com\/en\/product\/ddos-dedicated-server\/\"><span style=\"font-weight: 400;\">DDoS Protection Service Plans<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A recent discovery has unveiled a new phishing attack technique where attackers cleverly exploit Microsoft Word&#8217;s file repair feature. They use corrupted Word documents as &#8230; <a class=\"understrap-read-more-link\" href=\"https:\/\/www.dataplugs.com\/en\/damaged-word-files-phishing-attack\/\">read more<\/a><\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_cloudinary_featured_overwrite":false,"footnotes":""},"categories":[93],"tags":[],"class_list":["post-52983","post","type-post","status-publish","format-standard","hentry","category-web-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>New Phishing Attack: Damaged Word Files Evade Security<\/title>\n<meta name=\"description\" content=\"Discover how cybercriminals use damaged Word files to bypass security software and execute phishing attacks. 
Learn how to protect yourself from these threats.\" \/>\n<meta name=\"robots\" content=\"index, follow\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.dataplugs.com\/en\/wp-json\/wp\/v2\/posts\/52983\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"New Phishing Attack: Damaged Word Files Evade Security\" \/>\n<meta property=\"og:description\" content=\"Discover how cybercriminals use damaged Word files to bypass security software and execute phishing attacks. Learn how to protect yourself from these threats.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.dataplugs.com\/en\/wp-json\/wp\/v2\/posts\/52983\" \/>\n<meta property=\"og:site_name\" content=\"Dataplugs\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/dataplugs\/\" \/>\n<meta property=\"article:published_time\" content=\"2024-12-23T02:30:08+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-12-23T02:30:49+00:00\" \/>\n<meta name=\"author\" content=\"Felix Cheung\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@dataplugs\" \/>\n<meta name=\"twitter:site\" content=\"@dataplugs\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Felix Cheung\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":{\"0\":{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.dataplugs.com\\\/en\\\/damaged-word-files-phishing-attack\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.dataplugs.com\\\/en\\\/damaged-word-files-phishing-attack\\\/\"},\"author\":{\"name\":\"Felix Cheung\",\"@id\":\"https:\\\/\\\/www.dataplugs.com\\\/sc\\\/#\\\/schema\\\/person\\\/266fbbc69124aa0f09742495f383ae79\"},\"headline\":\"New Phishing Attack: Damaged Word Files Evade Security\",\"datePublished\":\"2024-12-23T02:30:08+00:00\",\"dateModified\":\"2024-12-23T02:30:49+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.dataplugs.com\\\/en\\\/damaged-word-files-phishing-attack\\\/\"},\"wordCount\":412,\"publisher\":{\"@id\":\"https:\\\/\\\/www.dataplugs.com\\\/sc\\\/#organization\"},\"articleSection\":[\"Web Security\"],\"inLanguage\":\"en-US\",\"url\":\"\",\"about\":{\"@id\":\"https:\\\/\\\/www.dataplugs.com\\\/en\\\/damaged-word-files-phishing-attack\\\/\"},\"thumbnailUrl\":\"https:\\\/\\\/www.dataplugs.com\\\/wp-content\\\/uploads\\\/2024\\\/12\\\/dp_1223_a.jpg\"},\"1\":{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.dataplugs.com\\\/en\\\/damaged-word-files-phishing-attack\\\/\",\"url\":\"https:\\\/\\\/www.dataplugs.com\\\/en\\\/damaged-word-files-phishing-attack\\\/\",\"name\":\"New Phishing Attack: Damaged Word Files Evade Security\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.dataplugs.com\\\/sc\\\/#website\"},\"datePublished\":\"2024-12-23T02:30:08+00:00\",\"dateModified\":\"2024-12-23T02:30:49+00:00\",\"description\":\"Discover how cybercriminals use damaged Word files to bypass security software and execute phishing attacks. 
Learn how to protect yourself from these threats.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.dataplugs.com\\\/en\\\/damaged-word-files-phishing-attack\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.dataplugs.com\\\/en\\\/damaged-word-files-phishing-attack\\\/\"]}]},\"2\":{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.dataplugs.com\\\/en\\\/damaged-word-files-phishing-attack\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.dataplugs.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Blog\",\"item\":\"https:\\\/\\\/www.dataplugs.com\\\/en\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"New Phishing Attack: Damaged Word Files Evade Security\"}]},\"5\":{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.dataplugs.com\\\/sc\\\/#\\\/schema\\\/person\\\/266fbbc69124aa0f09742495f383ae79\",\"name\":\"Felix Cheung\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.dataplugs.com\\\/wp-content\\\/litespeed\\\/avatar\\\/30f83833f149a7e0d392370709e1d86e.jpg?ver=1777286885\",\"url\":\"https:\\\/\\\/www.dataplugs.com\\\/wp-content\\\/litespeed\\\/avatar\\\/30f83833f149a7e0d392370709e1d86e.jpg?ver=1777286885\",\"contentUrl\":\"https:\\\/\\\/www.dataplugs.com\\\/wp-content\\\/litespeed\\\/avatar\\\/30f83833f149a7e0d392370709e1d86e.jpg?ver=1777286885\",\"caption\":\"Felix Cheung\"}}}}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"New Phishing Attack: Damaged Word Files Evade Security","description":"Discover how cybercriminals use damaged Word files to bypass security software and execute phishing attacks. 
Learn how to protect yourself from these threats.","robots":{"index":"index","follow":"follow"},"canonical":"https:\/\/www.dataplugs.com\/en\/wp-json\/wp\/v2\/posts\/52983","og_locale":"en_US","og_type":"article","og_title":"New Phishing Attack: Damaged Word Files Evade Security","og_description":"Discover how cybercriminals use damaged Word files to bypass security software and execute phishing attacks. Learn how to protect yourself from these threats.","og_url":"https:\/\/www.dataplugs.com\/en\/wp-json\/wp\/v2\/posts\/52983","og_site_name":"Dataplugs","article_publisher":"https:\/\/www.facebook.com\/dataplugs\/","article_published_time":"2024-12-23T02:30:08+00:00","article_modified_time":"2024-12-23T02:30:49+00:00","author":"Felix Cheung","twitter_card":"summary_large_image","twitter_creator":"@dataplugs","twitter_site":"@dataplugs","twitter_misc":{"Written by":"Felix Cheung","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":{"0":{"@type":"Article","@id":"https:\/\/www.dataplugs.com\/en\/damaged-word-files-phishing-attack\/#article","isPartOf":{"@id":"https:\/\/www.dataplugs.com\/en\/damaged-word-files-phishing-attack\/"},"author":{"name":"Felix Cheung","@id":"https:\/\/www.dataplugs.com\/sc\/#\/schema\/person\/266fbbc69124aa0f09742495f383ae79"},"headline":"New Phishing Attack: Damaged Word Files Evade Security","datePublished":"2024-12-23T02:30:08+00:00","dateModified":"2024-12-23T02:30:49+00:00","mainEntityOfPage":{"@id":"https:\/\/www.dataplugs.com\/en\/damaged-word-files-phishing-attack\/"},"wordCount":412,"publisher":{"@id":"https:\/\/www.dataplugs.com\/sc\/#organization"},"articleSection":["Web 
Security"],"inLanguage":"en-US","url":"","about":{"@id":"https:\/\/www.dataplugs.com\/en\/damaged-word-files-phishing-attack\/"},"thumbnailUrl":"https:\/\/www.dataplugs.com\/wp-content\/uploads\/2024\/12\/dp_1223_a.jpg"},"1":{"@type":"WebPage","@id":"https:\/\/www.dataplugs.com\/en\/damaged-word-files-phishing-attack\/","url":"https:\/\/www.dataplugs.com\/en\/damaged-word-files-phishing-attack\/","name":"New Phishing Attack: Damaged Word Files Evade Security","isPartOf":{"@id":"https:\/\/www.dataplugs.com\/sc\/#website"},"datePublished":"2024-12-23T02:30:08+00:00","dateModified":"2024-12-23T02:30:49+00:00","description":"Discover how cybercriminals use damaged Word files to bypass security software and execute phishing attacks. Learn how to protect yourself from these threats.","breadcrumb":{"@id":"https:\/\/www.dataplugs.com\/en\/damaged-word-files-phishing-attack\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.dataplugs.com\/en\/damaged-word-files-phishing-attack\/"]}]},"2":{"@type":"BreadcrumbList","@id":"https:\/\/www.dataplugs.com\/en\/damaged-word-files-phishing-attack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.dataplugs.com\/en\/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https:\/\/www.dataplugs.com\/en\/blog\/"},{"@type":"ListItem","position":3,"name":"New Phishing Attack: Damaged Word Files Evade Security"}]},"5":{"@type":"Person","@id":"https:\/\/www.dataplugs.com\/sc\/#\/schema\/person\/266fbbc69124aa0f09742495f383ae79","name":"Felix 
Cheung","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.dataplugs.com\/wp-content\/litespeed\/avatar\/30f83833f149a7e0d392370709e1d86e.jpg?ver=1777286885","url":"https:\/\/www.dataplugs.com\/wp-content\/litespeed\/avatar\/30f83833f149a7e0d392370709e1d86e.jpg?ver=1777286885","contentUrl":"https:\/\/www.dataplugs.com\/wp-content\/litespeed\/avatar\/30f83833f149a7e0d392370709e1d86e.jpg?ver=1777286885","caption":"Felix Cheung"}}}}},"_links":{"self":[{"href":"https:\/\/www.dataplugs.com\/en\/wp-json\/wp\/v2\/posts\/52983","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dataplugs.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dataplugs.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dataplugs.com\/en\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dataplugs.com\/en\/wp-json\/wp\/v2\/comments?post=52983"}],"version-history":[{"count":2,"href":"https:\/\/www.dataplugs.com\/en\/wp-json\/wp\/v2\/posts\/52983\/revisions"}],"predecessor-version":[{"id":52988,"href":"https:\/\/www.dataplugs.com\/en\/wp-json\/wp\/v2\/posts\/52983\/revisions\/52988"}],"wp:attachment":[{"href":"https:\/\/www.dataplugs.com\/en\/wp-json\/wp\/v2\/media?parent=52983"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dataplugs.com\/en\/wp-json\/wp\/v2\/categories?post=52983"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dataplugs.com\/en\/wp-json\/wp\/v2\/tags?post=52983"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}