I got an email address last night from someone claiming to be working for a Japanese company, wanting to hire me to help with passing funds along in the US. This could possibly be a normal 419 scam, however they want me to sign a document before continuing. Part of me thinks it’s a 419 scam that is overly complicated, but another part of me thinks this might be someone recruiting for money laundering. I want to dig deeper, but I am worried their might be something malicious with the docx file they have sent me. Is it possible that it’s malware? I have a VM ready for these kinds of things, but I want some opinions on what I can further do to ensure my safety when downloading this file from a scammer.
There are sites online that scan files.
Though I’m not sure how you would be able to scan it without downloading it.
Docx files can have macros in it that can give you malware. You could probably run on a web docx viewer or https://app.any.run/
Can these macros run automatically, or does the docx need to be opened?
Opened and you need to allow the macros.