What are macro-enabled document attacks?
Macro attacks embed malicious code in Office documents. When victims enable macros (often prompted by social engineering), the code executes, downloading and installing malware or performing malicious actions directly.
Attack flow: email delivers document claiming to require macro enablement ("Enable editing to view content"), victim enables macros, embedded code runs, malware installs or data exfiltrates.
Microsoft has restricted macros significantly, blocking internet-sourced macros by default. Attackers adapt: using other file types, exploiting trusted locations, or social engineering users to manually unblock. Corporate policies should block macros from external sources.
Learn tactics to prevent macro attacks in your org. Open an AI assistant with your question pre-loaded — just add your details and send.
Was this answer helpful?
Thanks for your feedback!