Microsoft Finally Patches Bug in Word That Scammers Used to Steal Banking Info
If you get an email that contains an unfamiliar Microsoft Word document, for goodness sake, don’t open it. The file could unleash a secret program designed to hoover up your banking information and send it to a cyber-criminal.
In recent weeks, scammers have been running a massive email campaign to trick people into clicking on booby-trapped Word documents. Clicking on the documents serves to start a download of the so-called “Dridex banking Trojan,” which installs a program designed to steal banking information.
As the security firm Proofpoint explains in a blog post, the scammers’ email came with the subject line “Scan Data” and included Microsoft Word attachments that said “Scan” and a random number. The company points out the emails are not as devious as some forms of phishing campaigns (like this one that pretends to be from the SEC), but they are still effective enough to trick people.
Get Data Sheet, Fortune‘s technology newsletter.
“Note that while this campaign does not rely on sophisticated social engineering, the spoofed email domains and common practice of emailing digitized versions of documents make the lures fairly convincing,” said Proofpoint, adding the scammers have targeted millions of people, mostly in Australian organizations.
Some have criticized Microsoft (MSFT) for failing to warn users about the dangers posed by the Dridex bug, which the company has reportedly known about since January. A Microsoft Office update to disable the dangerous documents was finally released today.
“This was addressed in the April security update release today, April 11, 2017. Customers who applied the update, or have automatic updates enabled, are already protected,” said a Microsoft spokesperson.
The scare over the fake Microsoft Word documents comes after another recent campaign that used realistic-looking attachments to persuade Gmail users to hand over their log-in credentials. In this case, what appeared to be an attached file was actually an embedded image that linked out to a fake Gmail login page.