Microsoft Word Honeytoken Enterprise
A Microsoft Word honeytoken embeds a hidden trigger in a .docx document. Opening the file records the interaction and raises an incident.
Category: File
Configuration
| Option | Required | Description |
|---|---|---|
| Note | Yes | Where you placed the honeytoken |
No extra options beyond the note.
After creation
Download the .docx file from the wizard.
Placement examples
Download the document and place it where an attacker might browse:
- A shared network drive folder named "Backup", "Archive", or "Old" : folders that IT might legitimately create but that no day-to-day workflow touches
- A cloud storage path like SharePoint > Finance > Restricted or Google Drive > HR > Confidential, where access requires elevated permissions
- A home directory or desktop of a service account that is never actively used
Rename the file to something enticing if appropriate (e.g. salary_review.docx, confidential_memo.docx). When someone opens the file, you receive an incident.
