How hackers trick you to open infected documents

Office-Watch.comLast updated: 30 November 2023

Microsoft 365,Microsoft Excel,Microsoft Office,Microsoft Office for Mac,Microsoft Powerpoint,Microsoft Word,Office 2007,Office 2010,Office 2013,Office 2016,Office 2019,Office 2021 / Office LTSC,Office 365

Here’s how to avoid the tricks hackers use to infect your computer via Office documents.

Microsoft has added features to Office that should make it harder to infect your computer via a Word, Excel or PowerPoint document. Hackers have found ways to trick people into bypassing those warnings and enable the viruses in the document.

When you open an .rtf (Rich Text) or .doc document that arrived via email, Word it opens in Protected View.

That lets you read the document without enabling any nasties. Same applies for other three-letter extension files like .dot in Word, Excel .xls etc and PowerPoint .ppt etc.

Many infected files arrive in the old Office document formats because they are much easier to hack. See Why Old Office documents should be banned. Our general advice is NOT opening any files in the old Office formats because they are too risky and there are perfectly good alternatives.

If it’s a modern Office document .docm .xlsm or .pptm file type (with macros included) then there’s yet another warning, assuming you have the default setting of macros disabled.

Hackers want you to click on the ‘Enable Editing’ or ‘Enable Content’ button to unleash their code on your computer.

They do that with some message, either in the email or at the top of the document with some vaguely plausible excuse to explain why it’s essential to click on the ‘Enable Editing’ or ‘Enable Content’ button.

Here’s some examples:

“Click on Enable Content in Word to completely view this receipt”

“Enable VBA macros in Excel as a security measure” — this sounds ridiculous to regular Office users, but it works!

Maybe something unexpected, even a little shocking like a Fake Witness Subpoena.

The emails are usually deliberately vague, enticing you to open the attachment to find out more. A fake invoice message will lack important details (amount or reason for the bill) so you’re curious or worried enough to forget caution and open the document.

Very occasionally spammers get extra details like your street address to make the infected message seem more plausible.

Outlook has an attachment preview option that’s is all you need to safely view most attachments. Just click/tap on the attachment or right-click and choose ‘Preview’.