Phishing Scheme Targeting Holiday Emails: A Dangerous Word Document Trick
The holiday season can often bring emails about bonuses or annual benefits, but be on guard—phishing attacks are thriving during this time. A new scam involves an attached Word document that claims to be corrupted but offers the option to recover the content. If you click to recover the document and scan the accompanying QR code, you’ll be directed to a fake Microsoft login page where your credentials are at risk.
This particular phishing technique is clever in that the malicious content isn’t visible within the document immediately, meaning it can bypass standard antivirus software. Although phishing itself isn’t new, the method of embedding it in corrupted Word documents is a more recent approach.
To stay safe, exercise caution before opening email attachments, especially if they’re from unknown or unverified sources. Even emails from familiar contacts should be questioned if the attachment seems unexpected or unusual.
A safer way to handle links in emails is to avoid clicking them, especially if you didn’t request the email. Instead, navigate directly to the website using your browser and log in from there.
If possible, switch to passkeys for account security. Unlike traditional passwords, passkeys are tied to the device where they were created, making them harder to steal. For added protection, enable two-factor authentication (2FA), which requires a second form of verification, making it harder for attackers to access your accounts.
Remember, phishing attacks depend on your involvement. Before taking any action, consider whether the request seems legitimate—like scanning a QR code in a Word doc about benefits. In most cases, the answer should be no.