Beware that corrupted email attachment: It could be a scam

You’re scanning your inbox and spot an important email with a Word document attached. Maybe it’s an invoice, a message from a supplier, or even a request from a colleague. You open it without thinking twice… and just like that, you’ve been scammed.

This scenario is exactly what cyber criminals are counting on. Now they’ve come up with another new way to get past even the most advanced email security filters – this time, using corrupted Microsoft Word files.

It’s a clever and dangerous tactic.

Phishing (pronounced “fishing”) is where scammers try to trick you into giving away sensitive information, like passwords or bank details. They “bait” you with an email that looks legitimate, maybe from your bank, a co-worker, or a company you trust.

These emails often include attachments or links. When you open the attachment or click the link, you could be downloading malicious software (malware) or visiting a fake website designed to steal your details.

Phishing attacks are constantly evolving, and they’re now one of the most common ways scammers break into businesses. Email security filters are usually pretty good at scanning attachments. But since corrupted files can’t be analysed properly, the Word file is able to sneak into your inbox.

When you open one of these corrupted files, Microsoft Word will “repair” it and show you what looks like a normal attachment. But the document will contain a malicious QR code or link that sends you to a phishing site (often a fake Microsoft 365 login page). If you enter your details, scammers could have access to your account – and potentially your entire business.

Stealing just one employee’s login details can be enough. With access to your cloud systems, scammers could get hold of sensitive customer data, lock your team out of essential files, or even send phishing emails from your account to trick your contacts.

If this happens to you, it could be catastrophic. Your business could face financial losses, legal consequences, and a damaged reputation that could take a long time to rebuild.

Cyber attacks are getting more complicated. But you don’t need a degree in cyber security to help keep your business safe.

The best protection is awareness and caution.

Here are some steps you can take:

  • Slow down and think twice before opening attachments or clicking on links
  • If an email seems urgent, beware – scammers like to rush you, so you’ll act without thinking
  • If you’re not sure an email is legit, check with the person or company that the email seems to be from
  • Never trust an attachment or link just because it looks professional

Most importantly, make sure you educate yourself and your team about what phishing is, why it’s dangerous, and how to recognise the warning signs.

We help businesses like yours with this every day. If you’d like us to help you too, get in touch.

Read More Blogs

How to create secure passwords

How to create secure passwords

Weak passwords are one of the biggest security risks to your business.
Why?
Because cyber criminals are getting smarter than ever before. If they manage to crack just one password, they could gain access to your sensitive business data, financial information, or even gain control of your entire system.
Cyber criminals use automated tools to guess passwords, allowing them to try out millions of combinations in seconds. So, if you’re using something like “Password123” or “CompanyName2025”, you’re practically handing them the keys to your business.
A compromised password can lead to big issues, such as:
• Data breaches
• Financial losses
• Identity theft
• Reputation damage
But how do you create strong passwords without driving yourself (and your team) mad?
Think of your password like a secret recipe, where only you should know the ingredients. It should:
• Be at least 14 characters long (the longer, the better)
• Include a mix of uppercase and lowercase letters
• Contain a few numbers and symbols (like @, $, %, or &)
• Not contain any common words or easily guessable information (like birthdays, names, or the word “password”)
Instead of using a single word, you could try a passphrase – a short, random sentence that only you would understand. For example, instead of “Sailing2025”, try something like “Coffee&CloudsAreGreat9!”. This is much harder to crack, yet still easy to remember.
You should also steer clear of these common mistakes:
• Using personal info (your name, birthday, business name, etc.)
• Reusing the same passwords across multiple accounts
• Using simple sequences (“123456” or “abcdef”)
• Storing passwords in an easily accessible place (like a sticky note on your desk)
If remembering unique passwords for every account sounds impossible, there is another option: Password managers. These generate strong passwords, store them securely and autofill them for you.
With a password manager, you only need to remember one strong master password for the manager app itself. The rest are encrypted and stored safely, reducing the risk of data breaches.
Even the strongest password isn’t foolproof, which is why multi-factor authentication (MFA) is also important. MFA requires a second form of verification, like a one-time code sent to your phone or generated from an authentication app.
If you have employees accessing your business systems, it’s a good idea to have a password policy in place to explain your rules and why they’re important. This should include:
• Unique passwords for each system and account
• Regular security training on password best practices
• Business-wide use of MFA for critical systems
• Scanning for compromised passwords regularly
By making password security a priority, you can reduce the chances of a cyber attack creating a nightmare for your business.
And if you need help making your business more secure, get in touch.

read more