PHISHING ALERT: Malicious Email Attachments

The Office of Information Security has identified a trend in which malicious emails include attachments (e.g., .doc or .xls) that, when opened, instruct users to “Enable Content” to view “active content” that has been disabled. These attachments often contain a name referring to something financial in nature, such as “Transaction,” “Invoice,” “Payment,” or “Payroll.” We urge you to exercise extreme caution with any email attachments purporting to be solicitations or from unknown business associates. Do not “Enable Content” if you receive an email similar to what is described in this post. Doing so will install malicious software on your computer. Below, you will find an example of this warning in Microsoft Word.

Example of warning text in Word

If you see the “Enable Content” warning pictured above, you should consider it a very likely sign that the email is malicious. If you have any doubt about the authenticity, please pick up the phone and contact the sender to confirm that they did, in fact, send the message. It is a best practice to refrain from sharing any personal or financial information via email.

If you receive an email such as this or any other suspected phishing attempt, please do not click on any links or download any files from the email. Simply forward the email to phishing@wustl.edu and delete it from your inbox.

If you have additional questions or concerns, please reach out to us at the Office of Information Security at infosec@wustl.edu. We appreciate all that you do to keep our university secure.

Further reading about similar threats

Sophos News: Trickbot campaign targets Coronavirus fears in Italy

https://news.sophos.com/en-us/2020/03/04/trickbot-campaign-targets-coronavirus-fears-in-italy/

Malwarebytes Labs: Trojan TrickBot – Malwarebytes Labs Detections

https://blog.malwarebytes.com/detections/trojan-trickbot/