Fake invoice emails that harbour macro malware continue to hit inboxes around the world.
Many are brief messages like the example shown below:
Subject: Paid Invoices
Please read and ask me any questions.
> http:// [removed ]nvoices-Overdue/
Milenko [Surname Removed]
The messages are designed to trick you into clicking a link. If you do click, a seemingly innocuous Microsoft Word document will be downloaded to your computer.
Supposedly, the document contains details about overdue invoices. But when you attempt to open the Word file, you will be prompted to enable content in order to view the document. The manner in which the “enable content” prompt is displayed may vary.
If you follow the instructions in the message, you may not see any immediate change to the document. However, a malicious macro will run in the background. The macro will download and install various types of malware.
This tactic is often used to distribute ransomware. Once installed, ransomware can lock up the files on your computer and then demand that you pay a fee to online criminals to receive a decryption key.
In other cases, the malware may be designed to steal your online banking passwords and other sensitive personal information.
Such malware attacks are very common. Be wary of any message that claims that you must “enable content” or “enable macros” to view ordinary Microsoft Word documents such as invoices. There is no reason why such documents would need macros enabled.
Macros can be very helpful in some workflows, and quite complex macros can be created. But such complex macros can be created to perform evil deeds as well as good. In years gone by, macro viruses were common computer security threats. For the last several years, however, they have been much less significant because later versions of Microsoft Office disabled macros by default.
Alas, many users may have either forgotten about or have no knowledge of macro risks and may therefore be inclined to enable macros if requested to do so.
While macros can certainly be useful in some workflows, it is best to leave them disabled if you do not use them and are unfamiliar with their potential security risks. And do not believe any message that claims that you must enable macros in order to view a simple document such as a billing invoice or receipt.
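One way to check whether a downloaded Word file carries a macro project without opening it in Word, as an added example that is not part of the original article. It assumes the modern zip-based Word format, where macro code is stored in a `vbaProject.bin` part; `classify_word_file` and `build_sample` are hypothetical names, and the sample files are constructed in memory.

```python
import io
import zipfile

# Header of Word 97-2003 binary (OLE) files, which can also carry macros.
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")


def classify_word_file(data: bytes) -> str:
    """Return 'macros', 'no-macros', 'legacy-binary' or 'not-word' for raw file bytes."""
    if data.startswith(OLE_MAGIC):
        # Needs an OLE parser to inspect further; treat as unverified.
        return "legacy-binary"
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return "not-word"
    with zipfile.ZipFile(buf) as zf:
        names = {n.lower(): n for n in zf.namelist()}
        if "[content_types].xml" not in names or "word/document.xml" not in names:
            return "not-word"
        types = zf.read(names["[content_types].xml"]).decode("utf-8", "replace").lower()
        # Macro code lives in a vbaProject.bin part; macro-enabled files also
        # declare a "macroEnabled" content type. Either sign is enough to flag.
        has_vba_part = any(n.endswith("vbaproject.bin") for n in names)
        declares_vba = "vbaproject" in types or "macroenabled" in types
        return "macros" if has_vba_part or declares_vba else "no-macros"


def build_sample(with_macro: bool) -> bytes:
    """Constructed minimal package for the demo (hypothetical, not a real document)."""
    kind = ("application/vnd.ms-word.document.macroEnabled.main+xml" if with_macro
            else "application/vnd.openxmlformats-officedocument"
                 ".wordprocessingml.document.main+xml")
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    f'<Types><Override PartName="/word/document.xml" ContentType="{kind}"/></Types>')
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder bytes")
    return out.getvalue()


if __name__ == "__main__":
    for label, blob in [("invoice with macro project", build_sample(True)),
                        ("plain invoice", build_sample(False)),
                        ("legacy .doc header", OLE_MAGIC + bytes(504))]:
        print(f"{label}: {classify_word_file(blob)}")
```

An invoice that comes back as `macros` is a strong reason not to open it, and `legacy-binary` means the file should be inspected with a dedicated OLE tool before it is trusted.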