![\"Word](\"..\/wp-content\/uploads\/sites\/24\/2020\/06\/1.-Word-Macro.png\")
<\/a>\n <\/div>\n<\/a>\n <\/div>\n<\/p><\/div>\n1. Word Macro \u2014 Word file (.doc, .docm) contains a script. Warning appears in yellow bar at the top.<\/p>\n<\/p><\/div>\n
2. Excel Macro \u2014 Excel file (.xls, .xlsm) contains a script. Warning appears in yellow bar at the top.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n
<\/a>\n <\/div>\n<\/a>\n <\/div>\n<\/p><\/div>\n3. Word VBS 1 \u2014 Word file (.doc) contains a script. Warning appears if script is double-clicked.<\/p>\n<\/p><\/div>\n
4. Word VBS 2 \u2014 Word file (.docx) contains a script. Warning appears if script is double-clicked.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n
<\/a>\n <\/div>\n<\/a>\n <\/div>\n<\/p><\/div>\n5. Acrobat Script \u2014 PDF file (.pdf) contains a script. Warning appears.<\/p>\n<\/p><\/div>\n
6. CVE-2017-0199 \u2014 Word file (.doc) contains an exploit. Warning appears.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n
<\/a>\n <\/div>\n<\/a>\n <\/div>\n<\/p><\/div>\n<\/a>\n <\/div>\n<\/a>\n <\/div>\n<\/p><\/div>\n7. CVE-2012-0158 a-d \u2014 Word file (.doc) contains an exploit. Additional Office components is installed then document is converted but no warning appears.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n
<\/a>\n <\/div>\n<\/a>\n <\/div>\n<\/p><\/div>\n8. CVE-2017-8759 \u2014 Word file (.doc) contains an exploit. Warning appears.<\/p>\n<\/p><\/div>\n
9. PowerPoint \u2014 PowerPoint file (.ppsx) contains a script that activates when user mouseovers the link. Warning appears.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n
<\/a>\n <\/div>\n<\/a>\n <\/div>\n<\/p><\/div>\n10. Word DDE \u2014 Word file (.docx) contains a link. Warning appears.<\/p>\n<\/p><\/div>\n
11. Word Callback \u2014 Word file (.doc) contains link. No warning in Word 2010.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n
<\/a>\n <\/div>\n<\/a>\n <\/div>\n<\/p><\/div>\n12. Acrobat Word \u2014 PDF file (.pdf) contains Word doc. Warning appears.<\/p>\n<\/p><\/div>\n
13. CVE-2017-11882 \u2014 Word file (.doc) contains an exploit. No warning.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n
<\/a>\n <\/div>\n<\/a>\n <\/div>\n<\/p><\/div>\n14. Excel Package \u2014 Excel file (.xlsx) contains a script. Warning appears.<\/p>\n<\/p><\/div>\n
15. OneNote \u2014 OneNote file (.one) contains Word doc. No warning.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n
<\/a>\n <\/div>\n<\/a>\n <\/div>\n<\/p><\/div>\n16. CSV a-b \u2014 CSV file (.csv) opened in Excel which contains a link. Warning appears.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n
<\/a>\n <\/div>\n<\/p><\/div>\n17. Email Resume \u2014 Email contains webbug. Missing graphic icon appears if image download is blocked.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/div>\n
<\/p>\n
What should I do if I receive a spearphish?<\/h3>\n
Ask the sender to confirm he\/she sent it (preferably via telephone call), scan the attachment with anti-virus, and report it to your department’s IT staff.<\/p>\n
The following emails would be considered suspicious:<\/p>\n
- \n
- Email with a link or attachment from someone you don’t know or from an odd email address, e.g. navy.ombudsman@yahoo.com, johnn<\/strong>.smith@gmail.com<\/li>\n
- Email with a link or attachment from someone you do know but the message looks odd, e.g. weird punctuation or grammar, wrong salutation or valediction<\/li>\n
- Email with a link or attachment that references a resume, survey, or questionnaire<\/li>\n
- Older Microsoft Office attachments with 3-letter file extensions, e.g. .csv, .rtf, .doc, .xls, .ppt<\/li>\n
- Newer Microsoft Office attachments with 4-letter file extensions that contain macros (ends with “m”), e.g. .docm, .xlsm, .pptm, .dotm, .xltm, .potm<\/li>\n
- Attachments that have strange file extensions, e.g. .chm, .hta, .js, .jse, .lnk, .sct, .vbe, .vbs<\/li>\n
- Keep in mind that attachments may be zipped with or without a password, and could come from your own staff and even be a response to something you previously sent to them<\/li>\n<\/ul>\n
If you opened the attachment and notice the following, STOP!, disconnect the network cable from your computer, and scan your computer with anti-virus:<\/strong><\/p>\n
- \n
- The attachment contains an embedded document, e.g. Excel file embedded in a OneNote file, Word file embedded in a PDF document, Word contains an empty box<\/li>\n
- A popup box appears that prompts you to continue, e.g. security warning, alert message<\/li>\n
- The contents of the attachment is missing or contains gibberish<\/li>\n
- You see a rectangle black window (DOS window) appear then disappear quickly while the attachment is opened or soon after you close it<\/li>\n<\/ul>\n
What Can I Do To Prevent This?<\/h3>\n
- \n
- Be attentive to emails with links and attachments<\/li>\n
- Disable macros in Microsoft Office applications (Word, Excel, PowerPoint)<\/li>\n
- Disable automatic image downloads in email clients, webmail, and smartphone apps<\/li>\n
- Ensure your computer is updated with all the latest security patches (including the OS, Microsoft Office, email clients, and web browsers)<\/li>\n<\/ul>\n
<\/p>\n
\nDon’t Fall for Phishing:
S<\/span>top. E<\/span>xamine. A<\/span>sk. R<\/span>eport.
S.E.A.R. the Phish<\/h3>\n