Scam of the Week: Macros on Macros



Macros on Macros

Cybercriminals are always finding new ways to bypass your security filters. In this scam, the bad guys start by sending a Microsoft Word document that has no malicious code or links within it. Once opened in Microsoft Word, the innocent-looking document includes a pop-up that asks you to enable macros. A macro, short for macroinstruction, is a set of commands that can be used to control Microsoft Word, Microsoft Excel, and other programs.

Here’s how the attack works: If you open the attached Microsoft Word document and enable macros, the document automatically downloads and opens an encrypted Microsoft Excel file. The Microsoft Excel file instructs Microsoft Word to write new commands into the same Microsoft Excel file. Once the new commands are added, the Microsoft Excel file automatically downloads a dangerous piece of malware onto your device and runs it.

Use the tips below to avoid falling victim to an attack like this one:

  • Never click a link or download an attachment from an email that you were not expecting.
  • Before enabling macros for a file, contact the sender using an alternative line of communication, such as making a phone call or sending a text message. Verify who created the file, what the file contains, and why enabling macros is necessary.
  • This type of attack isn’t exclusive to Microsoft products. The technique could easily be used on a number of other programs. Always think before you click.

Stop, Look, and Think. Don’t be fooled.

Executive IT Help Security Team
Office: 832-295-1411