Phishers have come up with another trick to make Office documents carrying malicious links undetectable by many e-mail security services: they delete the links from the document’s relationship file (xml.rels).
The trick has been spotted being used in a email spam campaign aimed at leading victims to a credential harvesting login page.