Macro Enabled Attachments - Are You Aware of the Danger That's Lurking in Your Email? | Stewart Title Blog

Are you familiar with macro-enabled attachments? They are a form of phishing and have some interesting attributes of which you should be aware. If you ever receive an email with the introduction “Greeting, dearest customer,” you should delete the email immediately.

The punctuation, poor grammar and lack of proper spacing instantly reveal it’s a crudely crafted phish attempt that’s playing on your curiosity or fear of a recent purchase. While this is a standard con method that you may be accustomed to by now, remember that the real threat lies in the attachment.

The attachment (image 1) is embedded in a newer Microsoft format file and will have a four-letter extension - docm. The "m" is what makes it dangerous. An "m" at the end of the extension of any Microsoft Office file (Word, Excel or PowerPoint) means it is a macro-enabled file.

Macros are used to automate tasks within the document. They use a scripting language, and steps or events can be recorded with the macro recorder. Not many people use them, but cybercriminals love macro-enabled files. They will quietly hide a malicious script as the macro, and once you open the document and enable its content, your system connects to the perpetrators' website to download malicious content without your knowledge.
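The check below is an added example, not part of the original post: it treats an attachment as macro-enabled based on the trailing "m" extension described above and, going beyond the extension, on what the file actually contains, since newer Office files are ZIP containers and a VBA macro project is stored inside as `vbaProject.bin`. The function names and the sample files are constructed for illustration.

```python
import io
import zipfile

# Macro-enabled Office extensions: the trailing "m" the article points out.
MACRO_EXTENSIONS = {".docm", ".dotm", ".xlsm", ".xltm", ".pptm", ".potm", ".ppsm"}


def inspect_attachment(filename, data):
    """Return the reasons an Office attachment should be treated as macro-enabled."""
    reasons = []
    if any(filename.lower().endswith(ext) for ext in MACRO_EXTENSIONS):
        reasons.append("macro-enabled extension")
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return reasons  # not a ZIP-based Office container; nothing more to check here
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        parts = archive.namelist()
        # The VBA project is a binary part, e.g. word/vbaProject.bin.
        if any(p.lower().endswith("vbaproject.bin") for p in parts):
            reasons.append("contains vbaProject.bin")
        # The content-type manifest declares the main part as macroEnabled.
        if "[Content_Types].xml" in parts:
            types = archive.read("[Content_Types].xml").decode("utf-8", "replace")
            if "macroenabled" in types.lower():
                reasons.append("macro-enabled content type")
    return reasons


def build_sample(with_macro):
    """Build a minimal stand-in container (constructed sample, not a real document)."""
    main_type = ("application/vnd.ms-word.document.macroEnabled.main+xml" if with_macro
                 else "application/vnd.openxmlformats-officedocument"
                      ".wordprocessingml.document.main+xml")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("[Content_Types].xml",
                         f'<Types><Override PartName="/word/document.xml" '
                         f'ContentType="{main_type}"/></Types>')
        archive.writestr("word/document.xml", "<document/>")
        if with_macro:
            archive.writestr("word/vbaProject.bin", b"placeholder, not a real VBA project")
    return buf.getvalue()


if __name__ == "__main__":
    samples = [("invoice.docm", True), ("notes.docx", False), ("renamed.docx", True)]
    for name, has_macro in samples:
        found = inspect_attachment(name, build_sample(has_macro))
        print(name, "->", found or "no macro indicators")
```

The third sample shows why a mail filter should look inside the container as well as at the name: the extension says `.docx`, but the contents still carry a macro project.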

However, Microsoft became aware of this form of cybercrime, and with the creation of Office 2013, they implemented “Protected View” for all Office files. This opens any file (Word, Excel or PowerPoint) in a protected, read-only view. With this view, you have to actually acknowledge and purposefully enable editing, saving, printing, etc.

If you were to open that Word attachment, you would be prompted with the hacker’s instructions to "Enable Editing" (image 2) and subsequently "Enable Content" (image 3) on the second prompt. A pretty standard camouflage is a statement, shown with the MS Word logo, that the file is an older version; don’t fall prey to this. You can't open newer file formats with an older version of Office, but you can ALWAYS open older formats with a newer version of Office. Thankfully, Microsoft does an excellent job of protecting you.

As always, think before you click.