Consider the following situation:
Someone you’ve communicated with before sends you a personalized but unsolicited email with an attachment. You check the return email and confirm that it came from the person’s legitimate email address. Even though you were not expecting the email, you open the attachment anyway. The Microsoft Office document prompts you to Enable Content…
What do you do?
Now consider further that a hacker has infiltrated your correspondent’s account, read the previous email communications with you and has crafted your received email to impersonate them. Would that change how you would handle the received email?
Scenario 1 (You Enable Content): The infected attachment runs on your computer with the same privileges as you; it reads your locally saved passwords stored in your browsers and sends them to the hacker who uses them to compromise your accounts. Then it sends emails to all your contacts with the same infected attachment, embarrassing you and spreading the infection.
Scenario 2 (You don’t Enable Content): You are suspicious and contact the sender by phone or text, to confirm the email/attachment. They tell you that they did not send the email and that they have received several such inquiries. You then delete the email without getting infected.
More info:
Macros from the internet are blocked by default in Office
Microsoft
When you open a Microsoft office document from an unknown or untrusted source, you are prompted with a yellow “Security Warning” bar. Don’t click the “Enable Content” button! Unless you are certain about the sender *and* their intentions. Clicking that button enables any code that may be lurking inside.
Consider that Enabling Content allows any malicious code to operate on your computer with the same privileges that you have!
Hopefully, you choose scenario 2 and save yourself a lot of headaches. Perhaps reading through this potential situation will help you consider such possibilities.
First of all, it would be best to contact the sender by phone or text *before* opening the attachment, as even that step could infect your computer. However, with many anti-virus programs and the security measures of Microsoft Documents, you may still be safe to that point. However, once you Enable Content, you are allowing any embedded code to execute at the same elevated privileges as you.
Microsoft documents are a complex bundle of text, formatting and code. We may see just the text and formatting, and in most cases that’s all there is. But code can be hidden inside, waiting for you to Enable Content and release the contents of Pandora’s box. If you are ever unsure, you should always start by declining to Enable Content. If you can access everything you need without Enabling Content, then you are fine. If something in the document does not work as expected, then you should reach out to the sender through another means (phone, text, etc.) and confirm that the document is legitimate before Enabling Content.
Why does Microsoft allow code to be “hidden” in documents?
Macros can save time by automatically performing repetitive tasks, creating custom buttons, and integrating with other applications, but they aren’t required for everyday use like reading or editing a document in Word or using Excel workbooks. In most cases you can do everything you need to do in Microsoft 365 without allowing macros to run.
Upcoming change
Microsoft is changing the default behavior of Office application to block macros in files from the Internet. This change affects how users interact with files from the internet, like email attachments containing macros. Now, when users open such a file, they see the following message:
Microsoft provides more information about this change here.
If you have questions about this, please let us know and we will be happy to assist you.
Take care,
