Scammers use DocuSign API to send fraudulent invoices
CFOs, beware: cybercriminals are exploiting DocuSign’s legitimate business tools to deliver fraudulent invoices directly through trusted channels. This scheme is particularly dangerous …
In January 2022, Microsoft announced it was disabling macros in version 4.0 of Excel spreadsheets by default, so customers could stay protected from a range of security threats.
For accounting and finance teams, life without Excel spreadsheets would be unthinkable. So what are macros, what is involved in Excel spreadsheet fraud, what are the risks associated with using them, and do you have anything to worry about?
In Microsoft Office suites, macros are a feature that allows you to automatically run tasks that are performed repeatedly.
Think of a macro as a tool for recording the steps you take when performing a particular task in an Excel file. The macro records your mouse clicks and, when run, repeats those steps as many times as you want. For Accounts Payable (AP) teams, macros help save time by automating many repetitive tasks.
When a macro is executed, a piece of programming code runs, but you don’t need to be a coder to set up macros in an Excel spreadsheet. However, if you wish to make advanced modifications to a macro, you will need knowledge of Visual Basic for Applications (VBA) code.
Every day, AP teams create spreadsheets to run reports, generate financial statements, prepare payment files and much more.
In many cases, AP officers are using Excel to solve problems that they have already solved many times before. In such situations, it makes sense to create macros to automate the process.
For example, suppose at the end of every month you need to generate a report of outstanding invoices your organisation needs to pay to suppliers. In these reports, you want to highlight outstanding invoices in red and apply bold formatting. With macros, you can quickly and easily apply such formatting.
Macros can help a department run much more efficiently – a terrific thing at a time when AP teams are busier than ever!
Eftsure recently reported that hackers are actively looking to embed malware within macros. When an unsuspecting victim opens an .XLS file, the malicious code is automatically executed.
Cyber criminals are using macros as a vehicle to automatically and secretly execute malware whenever the macro runs. As mentioned above, it is possible to edit or create macros using VBA code. Malicious actors use VBA code to craft malware, then embed this code into Excel macros, usually via an infected document.
The malware can then use the VBA “shell” command to run arbitrary commands, or the VBA “kill” command to delete files. The “AutoOpen” function in Excel enables it to run automatically, whilst the “AutoExec” function allows it to execute automatically.
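A defender-side triage of the keywords named above, as an added example that is not part of the original article: it scans VBA source text (assumed to have been extracted from the workbook already by a separate tool) for auto-run entry points and for the Shell and Kill calls, ignoring comments and string literals. `Auto_Open` and `Workbook_Open`, Excel's own auto-run names, are added here beyond the two names the article lists; the sample macros and `example.exe` are constructed.

```python
import re

# Names the article mentions, plus Excel's own auto-run entry points
# (Auto_Open, Workbook_Open), which are an addition not on the page.
AUTO_RUN = ("AutoOpen", "AutoExec", "Auto_Open", "Workbook_Open")
RISKY_CALLS = ("Shell", "Kill")


def strip_comment(line):
    """Drop a VBA comment (' to end of line) unless the quote sits inside a string."""
    in_string = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_string = not in_string
        elif ch == "'" and not in_string:
            return line[:i]
    return line


def triage_vba(source):
    """Return (auto_run_hits, risky_hits, verdict); hits map keyword -> line numbers."""
    hits = {"auto_run": {}, "risky": {}}
    for lineno, raw in enumerate(source.splitlines(), start=1):
        # Blank out string literals so quoted text is not mistaken for a call
        code = re.sub(r'"[^"]*"', '""', strip_comment(raw))
        for group, names in (("auto_run", AUTO_RUN), ("risky", RISKY_CALLS)):
            for name in names:
                # VBA identifiers are case-insensitive
                if re.search(rf"\b{re.escape(name)}\b", code, re.I):
                    hits[group].setdefault(name, []).append(lineno)
    if hits["auto_run"] and hits["risky"]:
        verdict = "high"      # runs on open AND can launch or delete
    elif hits["auto_run"] or hits["risky"]:
        verdict = "review"
    else:
        verdict = "none"
    return hits["auto_run"], hits["risky"], verdict


# Constructed samples: one suspicious macro, one ordinary formatting macro
SUSPICIOUS = '''\
' Shell is only mentioned in this comment
Sub Auto_Open()
    MsgBox "Kill the lights"
    shell "example.exe", 1
End Sub
'''
BENIGN = "Sub FormatOverdue()\n    Selection.Font.Bold = True\nEnd Sub\n"
```

A "high" verdict is a reason to hold the file for analysis, not proof of malice; keyword matching misses obfuscated code, so it complements rather than replaces keeping macros disabled.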
Unlike a traditional phishing attack, which requires the victim to actively click on a dangerous link or open a dangerous attachment to run malware, malware payloads delivered via macros do not require the victim to actively click or open anything. This makes them particularly difficult to detect and stop.
All it takes is for one AP team member to enable macros in an Excel spreadsheet and they could be putting the entire organisation at risk.
Malware could open the door to malicious actors, allowing them to infiltrate email systems and compromise sensitive information. It could pave the way for the manipulation of supplier data in ERPs or Vendor Master Files as a prelude to carrying out a Business Email Compromise (BEC) attack.
Whilst Microsoft announced that macros would be disabled by default from Excel version 4.0 onwards, it will still be possible to change Excel settings in order to enable macros. Given the efficiency benefits of macros for accounting teams, it is likely that many AP personnel will opt to enable macros in their Excel spreadsheets.
That’s why it’s important that AP teams understand the risks involved, and take appropriate precautions to use macros safely.
Here are some strategies to help mitigate the risks that come with using macros:
Excel is an indispensable tool for AP teams. Macros are a useful function that enables AP teams to perform more efficiently and effectively. Unfortunately, macros also present a serious risk of Excel spreadsheet fraud that can allow malicious actors to infiltrate your email systems, manipulate your data and launch Business Email Compromise attacks.
AP teams that rely on macros remain vulnerable to a range of threats that cannot be fully mitigated.
However, with Eftsure sitting on top of your accounting processes, you can rest assured that even if malicious actors use macros as a vehicle to launch a BEC attack – you can be protected!
Our proprietary database comprises banking data from over 80% of actively trading organisations in Australia. You can verify in real-time, immediately prior to processing EFT payments, whether the funds are being sent to the intended recipient. So, even if you have been subjected to a malicious attack, you are safeguarded against severe financial losses.
Contact Eftsure today for a full demonstration of how we will protect you from increasingly sophisticated cyber-crime.