
Dodgy Word document? It could be a phishing attack

Have you received an email with an attachment that’s corrupted? Before you fix the file, know that you could be reading a phishing email.

The fake file phishing attack

The scam starts off with an email, often with a legitimate-looking email address, suggesting the message is from someone you know. The email might be marked as urgent, or high priority, and have an attachment (in this case, a Word document).

The email requests that you download the attachment and review the information; the information might be about a bonus, or a proposal that you’re required to approve. 

However, when you click the attachment, a pop-up appears from Microsoft Word, informing you that the file is corrupted and asking if you’d like to use the recovery feature. When you click yes, the file is restored.

Opening the file reveals a QR code, which you’re prompted to scan with your mobile. That takes you to a login page; this might be for your Microsoft 365 account, or it might be your company’s internal login page. When you’ve entered your details, the scammer has access to your account - and anything that you have access to.

Why this scam is so effective

This scam brings together some of the most persuasive and manipulative techniques in a phisher’s toolbox: social engineering, a random QR code, and a fake login screen. Seeing an email land in your inbox that claims to be urgent is going to make you want to speed up, particularly if that email comes from your boss.

Remember, it is incredibly easy to spoof an email address, so that the sender appears to be someone you trust. This could be your bank, your company director, your accountant or your child. Just because the sender email looks right, it doesn’t mean that the email is legitimate.

There’s also no way to tell where you’ll be taken when you scan a QR code, and any safety procedures you have in place for URL scanners aren’t going to work. With a targeted phishing attack, being sent to something that looks like your employee login screen doesn’t raise any red flags. And once you’ve typed in your details, it’s too late. 

What are the red flags?

This scam is very convincing, particularly if it is targeted, but there is a big red flag here. Can you imagine your boss sending you an email with a Word attachment, where the Word attachment is broken and needs repairing? And following this, the Word document only asks you to scan a QR code, and the QR code takes you to your company’s internal login screen?

When you think about this scenario for more than a second, it makes no sense. An email from your company or someone you trust wouldn’t be attaching a QR code to a Word document to ask you to log in to your account; they would just let you know where the information could be accessed. If you’re looking at a scenario like the one above, it’s probably a scam.
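
For whoever runs your mail filtering, the broken-attachment red flag can also be checked automatically. The Python below is an added example, not part of the original article: it opens each .docx attachment as the ZIP archive a genuine Word document is, and flags any that do not parse. The function names and the sample email are constructed for illustration.

```python
import io
import zipfile
import zlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Parts every genuine .docx (a ZIP archive) contains.
REQUIRED_PARTS = {"[Content_Types].xml", "word/document.xml"}

def docx_verdict(data):
    """Return 'ok', 'corrupt' or 'not-docx' for bytes claiming to be a .docx."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            if zf.testzip() is not None:  # a member fails its CRC check
                return "corrupt"
            names = set(zf.namelist())
    except (zipfile.BadZipFile, zlib.error, EOFError):
        return "corrupt"  # Word would offer to "recover" a file like this
    return "ok" if REQUIRED_PARTS <= names else "not-docx"

def triage(raw_message):
    """List (filename, verdict) for every .docx attachment in a raw email."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(".docx"):
            results.append((name, docx_verdict(part.get_payload(decode=True) or b"")))
    return results

def sample_docx():
    """Constructed minimal stand-in for a Word file (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
    return buf.getvalue()

def build_sample_message():
    """Constructed email: one intact attachment, one truncated to half its size."""
    good = sample_docx()
    msg = EmailMessage()
    msg["From"], msg["To"] = "boss@example.com", "you@example.com"
    msg["Subject"] = "URGENT: bonus approval"
    msg.set_content("Please review the attached document.")
    for name, data in (("proposal.docx", good), ("bonus.docx", good[: len(good) // 2])):
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample_message()))
```

Password-protected Word files are not plain ZIP archives and will also come back as corrupt, so treat the verdict as a reason to hold the email for review, not as proof of phishing.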

Stay safe from phishing scams

  1. Slow down

    Social engineering scams like these are so effective because they play on your desire to get something done quickly. When we’re working quickly, we’re paying less attention to the red flags that a scam like this presents. Slow down, take your time and think.

  2. Don’t download

    When a file is corrupted, our recommendation is that you inform the sender that the file is broken - without replying to the email. There is just too much risk when you download a file that looks broken, even when you think that the sender is someone you know. Don’t download the attachment, and request the Word document again directly.

  3. Go offline

    This scam, like so many phishing scams, is so easy to detect if you take yourself offline. All it takes is a quick conversation with whoever has supposedly sent this email to refute it, saving you and your business hours of stress and panic in the process.

