Cybercriminals exploit corrupted Word files in phishing attacks

Cybersecurity researchers have discovered that cybercriminals are using corrupted Microsoft Word files in phishing attacks. These files evade email security scanners because they cannot be analyzed when corrupted, allowing malicious content to be restored and presented to victims. Once restored, the files often contain QR codes that lead to fake Microsoft 365 login pages, aiming to steal users' cloud credentials. This method exploits weaknesses in email protection systems, which fail to detect the threats. Phishing remains a significant online threat, despite various security solutions. Experts emphasize the importance of caution when handling emails, especially from unknown sources.