Is this possible that someone email me a word document and that has tracking macro?

Is this possible that someone could email me a word document and that has the ability to track input information? If someone wants to track my personal information, lets say someone sent me a template but that has tracking so whatever I write or whoever I send that document someone can track and know about that? Is that possible in a word document. Also what are the ways to make sure that whatever informations in the word forms we provide is not being tracked or ways to remove these tracks(Macros)?

MS Connects

Posted 2018-02-16T02:30:27.137

Reputation: 41

Answers

Maybe.

It is definitely able to be done in a macro, but hopefully your security setting should automatically warn you before it is a problem.

By default Word and the other Office packages should be set up to not allow macros to run automatically. It is entirely possible though that someone set your copy of Word to run untrusted code automatically which is the worst thing you can do. By default you should get a warning bar stating that the document has macros that need permission to run. You should hopefully see something like this between the ribbon toolbar and your document:

The document extension also matters. If someone has sent you a a file with a docx or dotx extension then these should not have macros in them and Word will warn you if they do.

In newer versions of Word you should, in theory, not be able to save or load a document as docx or dotx with macros enabled. A macro enabled document has the extension docm or dotm. Renaming a docm to docx should give you a security warning when you load the document.

Macro enabled office documents should also have an exclamation point on them to clearly denote that they may run untrusted code.

There is no way to see this quickly with older .doc files, note there is no "x" or "m" at the end of the file extension.

The best thing you can do is to disable macros entirely and then enable the developer tab. Clicking the "VBA" button on the developer tab will allow you to browse the document to see if it has any active code.

This advice doesn't address any exploits or malformed documents created by nefarious parties that may somehow be able to abuse the system to circumvent restrictions.

You should always be wary of documents given to you by strangers and only open documents you trust.

Mokubai

Posted 2018-02-16T02:30:27.137

Reputation: 64 434

I believe that is possible. I don't consider myself an expert at macros, but I've made quite a few. I know that you could do something similar to having an excel document send an email with data from fields fairly easily. I believe the macros in excel and word work very similarly.

I would not work on a word document that you do not trust, with macros enabled. I believe there's always a way to view the code for a macro on a document, but I could be wrong about that. I'm not 100% certain that there's not a way to hide macros.

You can either disable macros, or view the macro, and check to see what the code does for yourself.

trueCamelType

Posted 2018-02-16T02:30:27.137

Reputation: 429

Jut to add that Macro can do A LOT of things. Lots of malware comes from office documents with the macro enabled sent as phishing attack to various organisation. Info from Norton - https://us.norton.com/internetsecurity-malware-macro-viruses.html (no not affiliated with norton)

– Darius – 2018-02-16T03:34:51.570