I tested the doc file to see when the alert is sent. I downloaded the canarytoken file and added your fake details to the file. I password protected the file just to add to the authentication that the file is real.
So there are two password settings for a word doc.
to access the file
to read and write.
It is not till you enter the password successfully and selecting read only or , does the alert get sent. Not when they try entering the wrong password, just a successful access.