Word and PDF have different risk points. It's more common in word than in malicious macros. You see " enable content/enable macro " and do not use it as a default button. Whether or not this document has a credible source, digital signature or internal release template is enabled. The attachments that come from outside mail, especially when you fill out the information, get you to confirm the contract, get you to open the patch note, are basically not for yourself. Even if you're just looking at a form, once the macro is implemented, the follow-up may be more than just an indication of the problem, it may start stealing or delivering a malicious program directly。
A lot of people in the PDF can fall. Because the PDF seems to be reading, a lot of people are going to double-click it, and they think it's a description document. But now there are people who make it very real, like double-suffling, which looks like xx. PDF, and icons, but it's a different program to run. There's also a worse way of mixing dangerous contents in a condensed bag, outside a normal compressed file, and stuffing something like a document. Unknowingly, you unplugged and opened the entrance。
And there's another thing that's easy to ignore: even if you don't have sensitive information, it doesn't mean you're safe. Because many of the horses are aimed not only at taking documents, but may also stare at your account number, your browsing behaviour, or you can do it next time you log in, next time you connect to the network. That's what happened in reality, when the computer didn't look unusual, but the backstage had already collected the voucher information and it took some time to discover it. The consequences would have been more cumbersome had it not been for the timely reporting and disposal requirements in the workflow。
Our unit's approach is now more “stable”. Strange mail attachments do not go directly to check the sender first; check the intranet security check if you need to see them; default on hand-sliding when you come up with a hint like “enabled content”; PDF file suffixing, using as much as possible the standard reading method as possible, and not using strange software. There are real problems, such as computer anomalies, internet access, and anomalous account entries, which must be reported in the process at the first instance, rather than “see first”. This time of operation is often an additional opportunity for recovery。
Personally, i feel that the secrecy sounds like a long way from us, but it's like, “you don't know, you don't know, you can ask more”. Don't make habits safe. Use tips as invitations. Looks like a button, but it could be a chain behind it. Rather than regret it later, each click should be treated as a risk assessment, taking it seriously, which would block most of the troubles。
