Data Doctors: The dangers of macros in Microsoft Office

Q: What are macros in Microsoft Office and what makes them dangerous?

A: Macros are one of the oldest and most valuable tools in the computer world, because they allow complicated instructions to be performed with a single command.

You can essentially record a long series of commands and save them to a shortcut for future execution to save time without having sophisticated coding skills.

If you use Microsoft Office, myriad useful macros can be created in applications such as Word and Excel – you can insert company letterhead into an existing document, or add formatted tables into a spreadsheet.

Macros are especially useful when you have a series of repetitive commands that you often use in just about any productivity software program.

The specific instructions for creating macros varies by program, so the best way to learn how to do it is by going to the Help menu in any program and searching for Create a Macro.

Malicious macros

This same powerful productivity tool can be used to create harmful results, though, because malicious macros can be hidden in official-looking documents.

This time of year, lots of attempts to compromise users arrive through official-looking tax documents via phishing email messages that can appear to be from the IRS, your employer or a payroll company.

The underlying coding tools can be easily manipulated to hide malicious code that will automatically and silently run when you simply open the document or spreadsheet.

This type of compromise is especially dangerous because it can execute the malicious code without you ever seeing what is happening, which is why it’s one of the methods used to propagate ransomware attacks. Ransomware needs time to go through your computer’s files and encrypt them in the background, so sneaking in silently is essential.

Lots of websites offer free macros that you can download to save time. That may sound tempting, but should be avoided. There’s no easy way for a non-technical user to know whether a macro is legitimate or dangerous, so stick to creating your own.

Disabling macros for security

In the past, you had to manually disable macros to protect yourself, so if you are using a really old version of Office, search the Help menu for Disabling Macros in all of the programs you use.

In current versions of Office, the default setting disables macros with a notification to the user that will allow them to enable it if they want.

This should only be done if you are certain that the document is from a trusted source, such as your own company’s corporate network or something that you created in the past.

If you don’t know what a macro is going to do, you should never enable it unless you can verify the contents.

If you share a computer with younger users, or don’t have the need for any macros, you can choose “Disable all macros without notification” in the Macro Setting of the Trust Center in Microsoft Office so the “enable” option never appears in the future.

Federal News Network Logo
Log in to your WTOP account for notifications and alerts customized for you.

Sign up