Phishing email contains Word doc, enabling macros leads to malware infection

After an employee with PhishMe was targeted by a phishing email, researchers with the company had the opportunity to analyze a sneaky attack that begins with enabling macros in a Microsoft Word document and ends with a malware infection.

The body of the phishing email appears as legitimate internal communications and comes attached with a Microsoft Word document named ‘Financial Statement.doc,’ as seen in a screenshot of the email that was included in a Monday post.

Upon downloading and opening the Word file, the content appears blurred and a message – which states that the blur has been set for security and safety reasons – asks the recipient to enable macros in order to properly view the document.

This is where the social engineering takes place, Ronnie Tokazowski, senior researcher at PhishMe, told in a Wednesday email correspondence.

“Macros have to be enabled for the attack to run because part of the exploit code is in the macro,” Tokazowski said. “By default, MS Word disables macros, but automatically prompts the user to enable them upon opening the document.”

Read the Full Article: Source – SC Magazine

source not found

Related Article

Leave a Reply