Don’t Open Any Unknown Excel Attachments – They May Be Phishing Scams

A new Excel document has been circulating among finance companies as an attachment containing phishing malware.

Cyber security firm ET Labs has recently detected a new type of phishing scam. In conjunction with fellow cyber security firm Morphisec, they uncovered that the scam uses an Excel spreadsheet to run programs that can harm the user’s devices.

Scam emails are nothing new, but the methods within them are constantly evolving in order to trick even the most savvy computer users into clicking a tempting, harmless-looking link. A recent scam made off with over half a million iCloud images by asking for users’ iCloud logins under a false, yet convincing email address.

Cyber scams and phishing attempts are on the rise, showing no signs of slowing down. Unfortunately for consumers, a lot of security measures are responsive rather than proactive, so it pays to constantly be on the lookout for suspicious emails or links.

What Does the Attachment Do?

This new phishing campaign, otherwise known as MirrorBlast, first surfaced around September of this year. As so many do, this campaign takes the form of a fairly innocuous email with a link inside. Clicking this link will take you to an Excel spreadsheet that contains “lightweight embedded macros,” which, when activated, can wreak havoc on a computer. Macros are scripts for automating tasks and, when legitimate, are entirely harmless. The fact that these macros are so low-key means that malware detectors often fail to pick them up.

If this doesn’t make sense to you, the best analogy is a letter versus a parcel. If you were to receive a large mysterious parcel, you might think twice about what’s inside, which could make you a bit apprehensive about opening it. However, if you received a mysterious letter, even if the envelope was suspicious, you’d probably open it, because how dangerous can it be?

This is basically the logic behind this phishing campaign. Excel spreadsheets are pretty low down on the list of potentially dangerous documents, so it’s easy for a computer’s security systems to pass them over entirely.

These links are often sent to finance businesses, as they have a lot of sensitive client data that can be harvested by these macros. This is not the first time that macros have been used in attacks like this, as Microsoft has previously made efforts to patch this loophole. However, groups have consistently worked their way around these fixes.
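
A check that a mail gateway or analyst could run on a spreadsheet attachment to see whether it carries embedded macros like those described above. This is an added example, not part of the original article; the function names, verdict strings and sample files are constructed for illustration.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # header of legacy binary .xls files


def macro_findings(filename: str, data: bytes) -> list[str]:
    """Return reasons an Excel attachment should be held for review."""
    if data.startswith(OLE2_MAGIC):
        # Legacy container: macros cannot be ruled out without an OLE parser.
        return ["legacy-binary-workbook"]
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return ["not-an-office-container"]
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = {n.lower(): n for n in zf.namelist()}
        if any(n.endswith("vbaproject.bin") for n in names):
            findings.append("vba-project")
        if any(n.startswith("xl/macrosheets/") for n in names):
            findings.append("excel4-macro-sheet")
        ct = names.get("[content_types].xml")
        if ct and b"macroenabled" in zf.read(ct).lower():
            findings.append("macro-enabled-content-type")
    # A macro-free extension on a file that carries macros is itself a warning sign.
    if findings and filename.lower().endswith(".xlsx"):
        findings.append("extension-hides-macros")
    return findings


def build_sample(parts: dict[str, str]) -> bytes:
    """Build a constructed in-memory workbook container for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed samples: minimal containers, not real workbooks or real malware.
CLEAN = build_sample({"[Content_Types].xml": "<Types/>", "xl/workbook.xml": "<workbook/>"})
MACRO = build_sample({
    "[Content_Types].xml": '<Types><Override ContentType='
    '"application/vnd.ms-excel.sheet.macroEnabled.main+xml"/></Types>',
    "xl/workbook.xml": "<workbook/>",
    "xl/vbaProject.bin": "placeholder",
})

if __name__ == "__main__":
    print(macro_findings("report.xlsx", CLEAN))
    print(macro_findings("invoice.xlsx", MACRO))
```

An empty result means no macro indicators were found in the container; any other result is a reason to quarantine the file for closer inspection rather than proof that it is malicious.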

Cyber Crime on the Rise

While this is a somewhat unique form of cyber crime, it is simply one of many thousands of phishing scams. Cyber crime has had a meteoric rise in the past year, as working from home and lockdowns have increased our screen time by anywhere from 50 to 70%.

Due to this increased potential for cyber crime, hackers and phishers have exploded onto the scene, trying all sorts of various scams in order to trick people out of their money and data. While they’ve always been a constant, and will be for as long as we have computers, there has been a massive spike in things like password theft.

As for the specific motive of this Excel scam, there is a clear financial motivation. While the perpetrators of the scheme aren’t officially known, the practice is very similar to that of a financially motivated Russian group that has been designated as TA505.

“TA505 is most known for frequently changing the malware they use as well as driving global trends in malware distribution.”

Morphisec researcher Arnold Osipov

How to Protect Your Business and Yourself Online

When it comes to cyber security, you can never be too safe. For example, this scam bypassed a lot of security and malware detectors, so the main line of defense is always your own judgement. If a link or email looks suspicious, it can always pay to give it a second thought before clicking.

However, cyber lines of defense are always being updated and improved. There are thousands of ways that people can try to worm their way into your wallet or data, and these can be stopped by using the right software.

Anti-virus software is crucial for any business, as businesses are often the target of more high-profile hacker groups. And that’s just one of many tips that could stop your business from taking a substantial hit.


Written by:
Duncan (BA in English Textual Studies and Game Design) is an Australian-born senior writer for Tech.Co. His articles focus on website builders, and business software that allows small businesses to improve their efficiency or reach, with an emphasis on digital marketing or accounting. He has written for Website Builder Expert and MarTech Series, and has been featured in Forbes. In his free time, Duncan loves to deconstruct video games, which means that his loved ones are keenly concerned about the amount of time he spends looking at screens.