Microsoft Excel Honeytoken Enterprise

A Microsoft Excel honeytoken embeds a hidden trigger in an .xlsx spreadsheet. Opening the file records the interaction and raises an incident.

Category: File

Configuration

Option | Required | Description
Note   | Yes      | Where you placed the honeytoken

After creation

Download the .xlsx file from the wizard.

Placement examples

Download the spreadsheet and place it where an attacker might browse:

  • A shared network drive folder named "Backup", "Archive", or "Finance"
  • A cloud storage path like SharePoint > Finance > Q4 Reports
  • A home directory or desktop of a service account that is never actively used

Rename the file to something enticing if appropriate (e.g. passwords.xlsx, employee_salaries.xlsx). When someone opens the file, you receive an incident.