Macros are most often used in Microsoft Word and Excel. Although intended to be time saving, macros do come with a security set back. Anyone can write a macro to automate any number of tasks, one of which could be with malicious intentions. One of the most recent macro scams, called Locky, disguises itself as an invoice with an attached word document. Once opened and macros enabled, the attach encrypts your files and provides a note on how to receive the key to access your files.
If Microsoft Macro Protection is enabled, a yellow bar appears at the top of the program with a shield icon and a button marked “Enable Content.” The malicious macro cannot run until you click the enable button, however with the file appearing to come from a trusted source often times the user will enable the macro thinking its required to view the information. Often times the text inside the document will also contain instructions on how to run macros and bypass the security so that the document can be viewed properly.
Microsoft Word and Excel both have macro security features but users still need to be extremely cautious with running macros. Always double check the source of the document and even consider letting IT look at it before you enable macros from a source you do not know.