
If you get an email that contains an unfamiliar Microsoft Word document, for goodness' sake, don’t open it. The file could unleash a secret program designed to hoover up your banking information and send it to a cyber-criminal.

In recent weeks, scammers have been running a massive email campaign to trick people into clicking on booby-trapped Word documents. Clicking on a document starts a download of the so-called “Dridex banking Trojan,” which installs a program designed to steal banking information.

As the security firm Proofpoint explains in a blog post, the scammers’ email came with the subject line “Scan Data” and included Microsoft Word attachments that said “Scan” and a random number. The company points out the emails are not as devious as some forms of phishing campaigns (like this one that pretends to be from the SEC), but they are still effective enough to trick people.

“Note that while this campaign does not rely on sophisticated social engineering, the spoofed email domains and common practice of emailing digitized versions of documents make the lures fairly convincing,” said Proofpoint, adding the scammers have targeted millions of people, mostly in Australian organizations.

Some have criticized Microsoft for failing to warn users about the dangers posed by the Dridex bug, which the company has reportedly known about since January. A Microsoft Office update to disable the dangerous documents was finally released today.

“This was addressed in the April security update release today, April 11, 2017. Customers who applied the update, or have automatic updates enabled, are already protected,” said a Microsoft spokesperson.

The scare over the fake Microsoft Word documents comes after another recent campaign that used realistic-looking attachments to persuade Gmail users to hand over their log-in credentials. In this case, what appeared to be an attached file was actually an embedded image that linked out to a fake Gmail login page.

This story originally appeared on Copyright 2017

