People assume malware attacks occur after an unsuspecting person downloads a file or opens a link that triggers the malware. Ransomware has been in the news recently: the person's computer is effectively locked (encrypted) until they pay the money requested to obtain the encryption key. A different variant of this type of attack can come from a Word document that exploits a vulnerability on computers missing Microsoft Office patches.

These documents use the Microsoft Word Intruder exploit tool. This attack is particularly dangerous because just opening these documents in full edit mode activates the attack. Fortunately, the View Only modes of Word and Outlook are not at risk. Once a computer is infected, a keylogger is downloaded and installed, and sensitive information (logins and passwords) can then be stolen.

One common approach by hackers and scammers is to send businesses unsolicited invoices or quotes via email. When the business owner opens the malicious Word document, the keylogger is activated, and the scammers wait for the business owner to enter their email password. Once they have this information, they case the business, waiting for a time when they will begin invoicing customers. The scammer then sends out a handful of emails, using the business owner's own account, and gives customers new payment directions pointing to the scammer's own account. The customer accepts the email as genuine because it came from the business email address they are used to seeing, and they comply with it.

These types of attacks do not necessarily affect a large number of individuals but can target those of high value. Many people may download the document, but the scammer pursues only high-value targets, so some infected customers might be watched but otherwise unaffected.

What can be done to combat this?

  • Ensure that the version of Word being used does not have vulnerabilities by patching it
  • Keep your anti-virus up-to-date
  • Be wary of unknown or unsolicited attachments in emails – when in doubt call before you open an unexpected file
  • Never enable macros in Word documents; this could be a malware attack
  • Using “Preview” view in Outlook and Word for attachments provides some protection
  • If you often send large invoice sums (>10k), consider two-factor email authentication
  • Require a two-person review for larger invoices or major changes to an account
  • Always confirm changes in payment instructions by phone
  • Train clients to expect phone calls when changing payment instructions. Only email as follow-up

The unpatched issues with Word are from an older version, so update the version of Word that you are using. Your anti-virus and anti-SPAM services should catch these malicious attachments early, so they don't make it to your inbox. When you are running a business and receiving emails all day long from clients and vendors, it is difficult to know which attachments are legitimate and which aren't, so it is wise to be extra aware when reviewing your mail. Two-factor authentication means that more than your password is required to access your account. This makes it more difficult for a scammer to send out emails on your behalf. A two-person review puts another set of eyes on large transactions, which allows anomalies to be caught before they become a problem.

Protect your business with the most reliable cyber security experts. Neoscope provides the IT security New England businesses need to stay one step ahead of emerging threats. Contact us at (603) 505-4902 or send us an email at to know more about our services.