Skip to content

Trending tags

Don’t Share Email with Scripts and Macros

Sandra Proske

08.05.18 2 min. read

Sharing documents scripts and macros over email is a habit you want to break, says Broderick Aquilino, Senior Researcher at F-Secure.

“Both scripts and macros are commonly used attack vectors,” he told us. “Users practicing this increase their risk because it becomes harder for them to distinguish something malicious from what they are receiving day to day.”

Casually sharing files that could easily lead to malware infections, including ransomware, effectively “trains” you to open documents in emails with impunity. “It is also harder to control and audit who have access to which documents.”

An alternative to sharing these files as attachments is to use a file server with proper access control.

“Make sure only authorized users are able to share documents and only accessible to the target audience,” he says. “This way users can know to certain extent that documents came from trusted source. If an authorized user accidentally gets infected, the impact will also be limited.”

But here’s even better solution: stop using macros!

They’re a relic from an era when the internet wasn’t widely accessible.

“Times have changed and even Microsoft itself has been finding ways to limit the use of macros. So if users can, they should take the next step and disable macros altogether. Admins can do this via group policy. This prevents users from getting social engineered into enabling and running macros.”

Attachments have been a scourge of internet security for decades now and the classic rule that you should avoid opening them at all if you cannot verify the sender still applies. But criminals know that you know that.

“Malicious attackers will be pretending to be someone you know, so having a clearly defined email policy that includes what type of attachments staffs may or may not send and open can be helpful,” he said. “A good general rule is to prohibit the use of file types that has the ability to execute code.”

Unsolicited email is not is generally not worth your time, Broderick said. This was true in 1998 and it’s true in 2018.

“My bet is that an email is most likely spam if you were not expecting it and the email does not have your name explicitly listed in the recipient list, or the list is hidden or too large. Most probably, you won’t be missing anything important and is better off not opening them.”

But since we all make mistakes, a bad habit is a good thing to eliminate.

Sandra Proske

08.05.18 2 min. read


Highlighted article

Printing Shellz FAQ

Adam Pilkey


9 min. read

Related posts

Newsletter modal

Thank you for your interest towards F-Secure newsletter. You will shortly get an email to confirm the subscription.

Gated Content modal

Congratulations – You can now access the content by clicking the button below.