The average spammer has tried to conceal what their attachments really contain

They often use macro-enabled Microsoft documents with alternative document extensions, open the attachments and you get a nasty present.

This is no different but instead, this one is showing you how to run the malicious item. The reason is most mail services block the *.docm macro enabled documents so to get this attachment through to it’s unknowing users mailbox, this sender has dumbed down the attachment to the simple .doc type that most mail servers do allow email users to attach today.



Note: If you’re unsure about an attachment, do not open it just because it is in your inbox. 

The email below is obviously not part of my normal day’s email activity and the Microsoft Word *.doc item is attached.

Screen Shot 2016-08-16 at 6.56.36 AM
Received email item


Now I opened this item for testing on a test computer, below is the content within the Microsoft Word document.

Not only was it simple, it actually tells the user how to enable the malicious document

Screen Shot 2016-08-16 at 6.56.11 AM
Document content instructions


Personally, I didn’t bother going any further with testing but I hope a few individuals see this to help others avoid the mistake of actioning such a document.