Often during phishing campaigns, a Microsoft Office document (typically Word, Excel or PowerPoint) will be included as an attachment. Office documents can contain macros; macros do have a legitimate use but can also be used to run computer commands that can cause malware to be installed onto the victimโs computer or connect back to an attackerโs network and allow the attacker to take control of the victimโs computer.
Take, for example, the following scenario:
A staff member working for Acme IT Support receives an email from human resources with an excel spreadsheet called โStaff_Salaries.xlsxโ intended to go to the boss but somehow ended up in the staff members inbox instead.ย
What really happened was that an attacker spoofed the human resources email address and crafted a psychologically tempting email perfectly aimed to tempt the staff member into opening the attachment.
Once the staff member opened the attachment and enabled the macros, their computer was compromised.