According to Webroot, malware phishing using macros is one of the most widely used forms of phishing attacks. These attacks include emails with attachments of Microsoft documents (Word, Excel, etc.). Upon opening, you are requested to enable macros (see screenshot). When enabled, these macros execute code which releases a payload that infects the user’s computer. This payload could install ransomware, delete your data, or steal information from you.

If you receive an unsolicited email from an unknown sender, you should be very wary of opening any attachment. And when it comes to enabling macros in any document sent to you, this is a major red flag and you should be doubly wary. In fact, we recommend that even if a macro-enabled document is received from a known user, you should reach out to them to ask if the macros are required.