HMRC advise of malicious Microsoft Office attachments
HMRC have notified their tax agents about yet another cyber security threat in the form of malicious Microsoft Office email attachments.
HMRC have highlighted a current example, which uses a fake HMRC letter to inform the recipient about a tax debt. In many cases, parts of this attachment appear redacted with an enable content prompt in a ruse to get the reader to disable security features.
More recent versions of Microsoft Office now open documents received from the internet in a protected view which helps to prevent many features from running, unless the user selects enable editing and/or enable content. This includes items such as macros and Dynamic Data Exchange (DDE), which provide advanced functions to users. Cyber criminals are using these features to download and run malicious programs via the internet.
These attachments are designed to trick the user into enabling the content and, in so doing so, unwittingly disable the security feature. Files using the DDE function trigger a prompt stating, “This document contains links that may refer to other files. Do you want to update this document with the data from the linked files?” A second prompt then typically authorises an application to download and run a malicious program. This form of DDE exploitation was restricted in Word following an Office update back in December 2017 but users with older software are a soft target.
Always be extremely vigilant when receiving an unexpected Office document email attachment. Remember that a genuinely protected document, which uses the built-in encryption feature, requires a password to open the document.
Keep your software updated
To help avoid instances such as these do also ensure that you keep your software up-to-date so that you will benefit from software provider’s latest in-built security features and updates.
Further reading on Cyber Security
There are a number of sites you can visit if you require any additional information on Cyber Security.
- Cyber Aware https://www.cyberaware.gov.uk/
- Kent Police Online Safety https://www.kent.police.uk/advice/online-safety/
- National Cyber Security Centre (NCBS) https://www.ncsc.gov.uk/
- GCHQ https://www.gchq.gov.uk/topics/cyber-security
It is worth remembering this simple rule – if you are in any doubt about the authenticity of an email and email attachment, simply delete the email.
Always be on the lookout for cyber attacks in the forms of unexpected emails and attachments and as Shaw Taylor of Police 5 used to say, “keep ‘em peeled”.