Get access to hundreds of financial resources as an RFP INSIDER

Learn More

Resourceful Finance Pro

Threat alert: New malware attacks from Excel files

Brian Bingaman
By: Brian Bingaman

About the Author

Brian researches and writes about accounts payable and CFO management trends. He was a newspaper journalist in suburban Philadelphia for nearly 20 years.

Show Less
Last Updated: October 25, 2023
1 minute engagement
AI Fraud

Got an Excel attachment in your email? Double-check it before downloading – it could be infected with malware.

In its 2021 Q4 Threat Insights Report, HP’s Wolf Security service detected a dramatic 588% surge in computer and network malware infections involving Excel add-in files that end in .XLL.

Double-clicking these attachments or links opens Excel, which then prompts the user to install and activate the add-in. These particular malware attacks don’t require the user to exit Excel’s Protected View and enable macros.

Prevent Excel malware sneak attacks

The HP Wolf Security report offered three different options for organizations to protect themselves from .XLL malware attacks:

  1. Have IT configure your firm’s email gateway to block inbound messages that have .XLL attachments. Some email gateways already do this because .XLL files are dynamic link libraries, a type of file not typically sent by email.
  2. Configure Excel to allow only add-ins from trusted publishers. From the File menu, click on Options, then select Trust Center and click on the Trust Center Settings box to the right. Trusted publishers, locations, documents and add-in catalogs are the top options in the Trust Center menu.
  3. Configure Excel to disable all proprietary add-ins. This can be done under “Add-Ins” in the Excel Trust Center Settings.
Filed under

Free Training & Resources

White Papers

Consolidation 3.0: The future of finance is here

Webinars

Eliminate Burnout and Boost Efficiency: Learn How Modern AP Solutions Create Happier, Higher-Performing Teams

Webinars

From Data Entry to Data Engine: How AP Automation Fuels Smarter Decisions

White Papers

How Expanding Cost Drivers are Rewriting the CFO’s Healthcare Playbook

Resources

Further Reading

SEC Approves Accounting Rule Changes

Accounting firms face tougher fiduciary duties as the result of three new federal rules. The Securities & Exchange Commission (SEC) ...

Deep fake AI scam fleeces firm out of $25 million

A finance employee at a multi-national company recently transferred money at the direction of the CFO during a video call. Other finance co...

$90M Payroll Tax Fraud Allegations Expose Staffing Vendor Oversight Risks

Client companies thought they were outsourcing payroll and HR compliance to a vendor. But the tax exposure never really left their books. ...

Tech CEO Off to Jail for Cooking the Books

The wave of tech fraudsters landing in the slammer rolls on. Elizabeth Holmes of Theranos infamy, crypto hustler Sam Bankman-Fried … ...

How did this billion-dollar company not notice a finance staffer was robbing it blind?

The most common reason companies get ripped off by dishonest employees? Lack of oversight. The Jacksonville Jaguars football franchise i...

Customer Fraud is Soaring: Steps to Take

CFOs know not all prospects are what they claim to be. Potential clients will stretch the truth to get a line of credit that’s bigger...

Privacy Policy | Terms of Service
Copyright© 2026 SuccessFuel
preloader