You’re scanning your inbox and spot an important email with a Word document attached. Maybe it’s an invoice, a message from a supplier, or even a request from a colleague. You open it without thinking twice… and just like that, you’ve been scammed.

This scenario is exactly what cyber criminals are counting on. Now they’ve come up with another new way to get past even the most advanced email security filters – this time, using corrupted Microsoft Word files.

It’s a clever and dangerous tactic.

Phishing (pronounced “fishing”) is where scammers try to trick you into giving away sensitive information, like passwords or bank details. They “bait” you with an email that looks legitimate, maybe from your bank, a co-worker, or a company you trust.

These emails often include attachments or links. When you open the attachment or click the link, you could be downloading malicious software (malware) or visiting a fake website designed to steal your details.

Phishing attacks are constantly evolving, and they’re now one of the most common ways scammers break into businesses. Email security filters are usually pretty good at scanning attachments. But since corrupted files can’t be analysed properly, the Word file is able to sneak into your inbox.

When you open one of these corrupted files, Microsoft Word will “repair” it and show you what looks like a normal attachment. But the document will contain a malicious QR code or link that sends you to a phishing site (often a fake Microsoft 365 login page). If you enter your details, scammers could have access to your account – and potentially your entire business. 

Stealing just one employee’s login details can be enough. With access to your cloud systems, scammers could get hold of sensitive customer data, lock your team out of essential files, or even send phishing emails from your account to trick your contacts.

If this happens to you, it could be catastrophic. Your business could face financial losses, legal consequences, and a damaged reputation that could take a long time to rebuild.

Cyber attacks are getting more complicated. But you don’t need a degree in cyber security to help keep your business safe.

The best protection is awareness and caution.

Here are some steps you can take:

• Slow down and think twice before opening attachments or clicking on links
• If an email seems urgent, beware – scammers like to rush you, so you’ll act without thinking
• If you’re not sure an email is legit, check with the person or company that the email seems to be from
• Never trust an attachment or link just because it looks professional

Most importantly, make sure you educate yourself and your team about what phishing is, why it’s dangerous, and how to recognise the warning signs.

We help businesses like yours with this every day. If you’d like us to help you too, get in touch.