⚠️ Security Warning

ClickFix lures can lead to malware and computer viruses. If you see text like this online, it's likely a scam.

Back to Techniques

Office URI schemes (ms-word/ms-excel)

Office apps support URI schemes (e.g., ms-word:, ms-excel:) that can be invoked from browsers/links to open documents directly in Office. Adversaries may deep-link to remote docs to stage follow-on actions (macros, links, etc.).

windows gui File Explorer GUI

Open Excel via URI (safe demo)

Try Example
GUI File Explorer

Demonstrates launching Excel using an Office URI pointing at a benign URL.

  1. Press Win-R

  2. Type: ms-excel:ofv|u|https://example.com/sheet.xlsx and press Enter

  3. Excel opens (may prompt based on policy)

References:

Mitigations:

  • Harden Office to block internet macros; warn on external sources

  • Educate users about links that launch Office directly

Contributor: ClickGrab (2025-09-16)