Skip to page content
Client Hub Tel 01892 830111

Novel Phishing Campaign

By Russell Gower-Leech, Cybersecurity Manager | Published 17 Dec 2024

The scammers are at it again and this time that have developed a new way to get round SPAM filters.

This new phishing campaign uses a damaged Microsoft Word document attachment. As the file is damaged the email filters often cannot read it and pass it through.

Recipients then open the attachment, and Word “helpfully” offers to repair the file. Once repaired, any macros will try to run (this should be disabled by default, but can still happen) or the recipient may be met with a QR code like this: 

This is particularly tricksy as most of the time you’ll need a phone to scan the QR code. This leaves recipients further at risk as personal devices tend to lack high level protections like antivirus software. 😢

So, what can you do?

  • Never open an attachment or link from an email or sender you are not expecting!
    • If the sender is known to you but the message is odd or unexpected call them to confirm if it’s genuine – they may have had their account compromised so emailing them won’t really help
    • In this example the campaign inserts Base64 encoding schemes into the attachment name (eg: #TEXTNUMRANDOM45==) so look out for this in particular
  • Use the reporting buttons in Outlook to report any suspect messages
    • If you are a Select Technology customer, this creates a ticket for us to look at and reports the message(s) to Microsoft
  • Avoid QR codes: Unless you’re expecting one, steer clear. They can lead you to malicious websites.

Stay safe out there ✌️

Contact Us