‘Review my CV’ Macro Malware Email

Computer with Malware

In recent years, criminals have repeatedly used fake resume or CV emails as a means of distributing malware. Some earlier versions included the malware in attached .zip files that harboured malicious executable files.

This version takes a different approach. The email asks you to review the sender’s CV, which is supposedly contained in an attached Microsoft Word document simply titled ‘Resume.doc’. Given that employers may regularly receive CVs and resumes in Word format, at least a few recipients may go ahead and open the attachment. After all, they may create, open, save, and send ‘.doc’ files  everyday and may therefore consider them safe.

But, this Word document includes a malicious macro. When you attempt to open the seemingly innocuous Word document, you will receive a message claiming that the document is ‘protected’ and you must therefore enable macros before the content can be correctly displayed. If you enable macros as instructed,  the malicious macro can then run and proceed to download and install other types of malware.

A macro is a group of commands and instructions that can be collected as a single command in order to quickly and automatically accomplish a task. Microsoft Office programs and other types of software allow you to build your own macros to create more efficient workflows.

However, macros can also be used maliciously. In the past, macro virus threats were common. Thankfully, later versions of Microsoft Office disabled macros by default thereby lessening the threat posed by macro viruses. But, online criminals are again using macros to trick people into installing malware. Unless you have a specific need to use macros and are aware of the potential risks, you would be wise to leave macros disabled.

However, malicious macros are again being used to spread malware.

In modern incarnations of the threat, criminals do not try to subvert in-built security systems but use simple social engineering techniques to get users to allow the macros to run. The criminals rely on the curiosity of recipients who may proceed without due caution in the hope of finally viewing the promised document content.

Therefore, unless you have a good reason to use them and have a sound knowledge the potential risks they pose, it is safest to leave them disabled by default. Be wary of any message that claims that you must enable macros to view or interact with Microsoft Office documents. It should never be necessary to enable macros in order to view a simple document such as a CV.


Subject: Quick Question


I was visting your website on 1/28/2016 and I’m very interested.
I’m currently looking for work either full time or as a intern to get experience in the field.
Please review my CV and let me know what you think.

Thank you for your recommendation,

[Name removed]

Attached file: ‘Resume.doc

Last updated: January 29, 2016
First published: January 29, 2016
By Brett M. Christensen
About Hoax-Slayer

‘My Resume’ Malware Emails
Bogus Resume Emails Contain Ransomware
Macro Virus Threat Returns – Beware Emails With Malicious Word Attachments