Beware that corrupted email attachment: It could be a scam

You’re scanning your inbox and spot an important email with a Word document attached. Maybe it’s an invoice, a message from a supplier, or even a request from a colleague. You open it without thinking twice… and just like that, you’ve been scammed.

This scenario is exactly what cyber criminals are counting on. Now they’ve come up with another new way to get past even the most advanced email security filters – this time, using corrupted Microsoft Word files.

It’s a clever and dangerous tactic.

Phishing (pronounced “fishing”) is where scammers try to trick you into giving away sensitive information, like passwords or bank details. They “bait” you with an email that looks legitimate, maybe from your bank, a co-worker, or a company you trust.

These emails often include attachments or links. When you open the attachment or click the link, you could be downloading malicious software (malware) or visiting a fake website designed to steal your details.

Phishing attacks are constantly evolving, and they’re now one of the most common ways scammers break into businesses. Email security filters are usually pretty good at scanning attachments. But since corrupted files can’t be analysed properly, the Word file is able to sneak into your inbox.

When you open one of these corrupted files, Microsoft Word will “repair” it and show you what looks like a normal attachment. But the document will contain a malicious QR code or link that sends you to a phishing site (often a fake Microsoft 365 login page). If you enter your details, scammers could have access to your account – and potentially your entire business. 

Stealing just one employee’s login details can be enough. With access to your cloud systems, scammers could get hold of sensitive customer data, lock your team out of essential files, or even send phishing emails from your account to trick your contacts.

If this happens to you, it could be catastrophic. Your business could face financial losses, legal consequences, and a damaged reputation that could take a long time to rebuild.

Cyber attacks are getting more complicated. But you don’t need a degree in cyber security to help keep your business safe.

The best protection is awareness and caution.

Here are some steps you can take:

  • Slow down and think twice before opening attachments or clicking on links
  • If an email seems urgent, beware – scammers like to rush you, so you’ll act without thinking
  • If you’re not sure an email is legit, check with the person or company that the email seems to be from
  • Never trust an attachment or link just because it looks professional

Most importantly, make sure you educate yourself and your team about what phishing is, why it’s dangerous, and how to recognise the warning signs.

We help businesses like yours with this every day. If you’d like us to help you too, get in touch.

Recent posts

More good news for accessibility in Windows 11

More good news for accessibility in Windows 11

Have you ever opened a document or presentation and realised half the information is locked away in an image or graphic you can’t quite make sense of? Maybe it’s a complicated chart, or a photo with crucial details, but no one thought to add a description. Microsoft...

read more
Smoother, smarter dictation in Windows 11

Smoother, smarter dictation in Windows 11

When was the last time you found yourself typing something and thought, “There must be an easier way to do this”? If you or your team ever use voice dictation to capture notes, write emails, or even draft reports, Windows 11 has some good news. A new feature called...

read more
Outlook will flag your most important emails

Outlook will flag your most important emails

How much time do you waste sorting through emails every day, trying to figure out what really needs your attention? If you’re like most business owners, the answer is probably “too much”. Between customer queries, supplier updates, internal messages, and the...

read more