Urgent warning to Microsoft Office users over “homograph attacks” which can expose data & why you must check spellings

SECURITY experts have delivered an urgent warning to Microsoft Office users about "homograph attacks".

The breach allows malware to be downloaded that can expose your data.

1

 is one of the most widely used suite of office-related applications in the world.

Thanks to its global popularity, it's also a constant target for hackers.

Recently, analysts from Romanian cybersecurity firm discovered that Microsoft's platform of office software could be abused to launch phishing attacks.

Bitdefender added that the attacks are targeted at users of Outlook, Word, Excel, OneNote and PowerPoint.

More on cyber hacks

CYBER WAR

US confirms military hackers are supporting Ukraine

WATCH OUT

Microsoft 'zero day' warning for BILLIONS after Office hacked by Chinese crooks

Called "homograph attacks," they are said to be smart enough to trick even the most internet-savvy. So, it's vital that users be extra careful and understand what to look out for.

What is a homograph attack?

Homograph attacks misuse similar-looking characters to deceive users (eg using a "zero" in G00GLE, instead of the letter "o" in GOOGLE). The difference is slight, but the potential of these attacks increases when they are based on international domain names (IDN).

In a disturbing discovery, Bitdefender analysts found that all Microsoft Office applications are unprotected against such attacks.

Most read in The Sun

GRIM FIND

Body of baby found by dog walker in snow-covered field near motorway bridge

'NO SHAME'

Paedo Rolf Harris ‘wiped £16m fortune to make it harder for victims to access'

LIAM'S BOY

Heartbreaking 'Daddy' floral tribute from Liam's son Bear is spotted at funeral

STORMING IN

Moment 'Brit-supplied Storm Shadow blitzes Russian target for 1st time'

The attacks tend to exploit the globalization of the internet. Previously, all web domains used the Latin alphabet, which consisted of 26 characters.

However, the internet has now expanded to include more characters that include the Cyrillic alphabet (used in Eastern Europe and Russia). This allowed hackers to combine different characters and create phishing sites with URLs that look very similar to the authentic website.

What to look out for

Hackers and bad actors can force Microsoft Office apps, like Outlook, to show a link that looks legitimate.

Users may not be able to tell the difference until the site is opened in their browser. In some cases, as users land on these malicious websites, it triggers a malware download.

There is some good news, however.

Bitdefender claims that a homograph attack is not easy to carry out, and is unlikely to be used at scale.

Read More On The Sun

SHOCK ATTACK

Suspect in judge's murder identified and new details on 'targeted' killing

EASY BEING GREEN

See Kris Jenner's $20M mansion's backyard with pool, BBQ & HUGE tables

However, it warns the vulnerability can be abused as a highly potent weapon for targeted attacks, like state-sponsored cyber attackers targeting certain high-value companies to hack their passwords and other sensitive data.

Bitdefender reported the issue to Microsoft in October 2021 and the tech giant acknowledged the threat as real. However, it has yet to issue a patch to fix the vulnerability.