Warning signs for email attachments that spell danger
These days the phrase ‘avoid the virus’ means more than just taking the necessary steps to secure your personal health. It also means taking the necessary steps to secure the health of your digital work platforms and networks. With office routines turned upside down and remote work now the norm, it's likely that lapses in judgement about online security will happen, and it’s important that anyone working remotely keep security front of mind.
One major risk? Email attachments.
Why are email attachments dangerous?
Any email attachment can carry software that cyber criminals have developed specifically to damage or exploit your device or network. Because that software has been designed with malicious intent, we use the term ‘malware’ to describe it. It's primarily deployed by using phishing as a tactic.
Opening a suspicious attachment can launch malware—malicious software designed to harm or exploit your device or network. It may be hidden in a document, PDF, image or presentation and often delivered through phishing emails.
What types of malware come through email attachments?
1. Phishing
Phishing is a human-to-human con job conducted by email. Cyber criminals’ goal is to lure the email recipient into believing that an email attachment contains vital information, either about their health, wealth or career, or about important business procedures.
Phishing uses social engineering to trick you into opening a harmful file. These attachments may:
• Install keyloggers
• Take screenshots
• Steal login credentials or financial info
• Spread across your network
It can also clog your computer and spread throughout any network you use, not just disrupting your own computer operations but those of people you deal with online.
2. Ransomware
Ransomware, a form of malware, locks your data or device until a ransom is paid. It’s often delivered through malicious attachments disguised as business documents.

What email attachments are regarded as high risk?
Email attachments will have two or three letters after the file name and the full-stop. Those letters indicate the type of file that is delivering the information in the attachment. If you know more about which file types attackers like to use, you’ll be better prepared to identify suspect files.
Exe files
An executable file (.exe) has encoded instructions that tell a computer system to set a function in motion. That function might be to install or run a new software application. Although exe files are often legitimate Windows applications, attackers can also use them to distribute viruses, ransomware or other malware.
Compressed files
Compressed files have a lot of valid uses, particularly when co-workers are working remotely and need to send large volumes of information.
Basically, compressed files allow workers to bundle up multiple files or folders into a single container file and shrink it to a size that can be more easily and quickly emailed.
But just because you get a compressed file, doesn’t mean you know what’s in it. That’s why attackers love them. Compressed files can be used to hide or obscure malware.
Although there are compressed file extensions you might be familiar with (such as: .zip; .rar; .sitx; .gz), it’s worthwhile knowing that there are many more.
Microsoft Office documents
No longer the simple static files they once were, Microsoft Office documents now offer new functionality for users in the form of macro and scripting capabilities that work in much the same way as executable programs — telling systems to run processes. That added functionality comes with the opportunity for attackers to embed their own scripting and malware. So, the next time you’re about to open a Word document, PowerPoint presentation, Excel workbook or template, check to make sure you were expecting the attachment.
ISO files
In mid-2020, Microsoft warned of emails that trick users into downloading ISO file attachments. These files have a remote access trojan that gives attackers control over the infected device or host network.
The warning was timely, as until now, ISO files carrying malware had been relatively rare. ISO files are often used to archive or transfer large amounts of data. Now, they’re being exploited to deliver remote access trojans.
Should I open an attachment from an unknown sender?
No. Even if you have antivirus software, it’s not foolproof. Treat any unsolicited attachment as suspicious, even if it appears to come from someone you know. Malware can spoof or hijack email accounts.
Although you may have installed security software designed to catch and protect your device from malware, it’s not faultless and you shouldn’t consider it your only line of defence against attackers.
You should be immediately wary of any email attachments from unknown or suspicious sources.
Best practice is to report suspicious emails to your IT department, or by using our Phriendly Phish Reporter.

How can I avoid viruses from email attachments?
There are five simple steps you can take to avoid unsafe email attachments.
1. Use antivirus software
Although antivirus software is fallible, it is a proven defence against the majority of attacks.
Make sure you install issued patches and update it regularly, and that your system is configured to scan all attachments or images embedded within emails or instant messaging attachments.
2. Back up your system regularly
Having a good and regular back-up regime is essential. Having an offline system backup copy is even more important. Although you might have online back-up protocols, there are still indirect paths through which backups can become infected with a virus. Your best defence is to have your secondary system copy offline.
3. Do not open attachments in emails that have bad grammar
If the phrasing in an email seems ‘off’, as if the sender has put it through a bad online translation server, then chances are that any attachments to the email will be ‘off’ too.
4. Do not open unsolicited attachments
The first and best way to avoid being caught out is to never open an email attachment that you were not expecting, even if it comes from a sender you know.
That’s because there are viruses out there that can ransack your senders’ contact lists and trigger email attachment spam that sends itself to everyone on those lists.
Just because you know the sender doesn’t mean that they actually sent the email you received.
5. Do not open attachments with strange file names or double extensions
While it may seem obvious not to open files with names like “yourwinnings” or “freemoney”, it can be less obvious when file names suggest they have important information to do with tax or banking, invoices, healthcare, parcel delivery or even administration of your online devices.
The best test is to think about how you would name a file. If a file name is overly long with lots of letters and numbers, has special characters (?, *, %, # etc.) or has multiple file extensions (filename.jpg.exe), then it should ring your warning bells.
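The filename warning signs described above (high-risk file types, double extensions, special characters, overly long names) can be checked automatically when a message arrives; the following is an added example, not part of the original article. The flag names, the Office extension list, the 40-character threshold and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extension groups follow the article's high-risk categories. The Office
# extension list and the 40-character threshold are assumptions added here.
RISKY_TYPES = {
    "executable": {".exe"},
    "archive": {".zip", ".rar", ".sitx", ".gz"},
    "office": {".doc", ".docx", ".docm", ".dot", ".dotm", ".xls", ".xlsx",
               ".xlsm", ".xlt", ".xltm", ".ppt", ".pptx", ".pptm"},
    "disk-image": {".iso"},
}
EXT_LIKE = re.compile(r"\.[a-z]{2,4}")  # heuristic for "looks like an extension"

def triage_filename(name, long_name=40):
    """Return the warning flags that apply to one attachment file name."""
    suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
    last = suffixes[-1] if suffixes else ""
    flags = [label for label, exts in RISKY_TYPES.items() if last in exts]
    # filename.jpg.exe: an extension-like suffix sits before the real one.
    if len(suffixes) >= 2 and EXT_LIKE.fullmatch(suffixes[-2]):
        flags.append("double-extension")
    if set("?*%#") & set(name):
        flags.append("special-characters")
    if len(name) > long_name:
        flags.append("long-name")
    return flags

def triage_message(raw):
    """Parse a raw message and flag each attachment by its file name."""
    msg = message_from_bytes(raw, policy=policy.default)
    names = [part.get_filename() or "" for part in msg.iter_attachments()]
    return {name: triage_filename(name) for name in names}

def build_sample():
    """Constructed message with placeholder attachments (no real content)."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "billing@example.com", "staff@example.org"
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please see the attached invoice.")
    for name in ("invoice.pdf.exe", "photos.zip", "agenda.docm", "notes.txt"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, flags in triage_message(build_sample()).items():
        print(f"{name}: {', '.join(flags) or 'no filename flags'}")
```

The check looks at file names only, so a name that raises no flag still needs the other steps in this list; legitimate names such as archive.tar.gz will also be flagged as double extensions.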

What should I do with a suspicious attachment?
If you do think you’ve received a suspicious email attachment, don’t panic. Unless you interact with that attachment, it’s unlikely that malware will be activated. The source of the email will determine what other steps you can take to protect your device.
If it’s from someone you know:
- Don’t reply to the email
- Call the person to confirm they sent it
If you have received an unexpected email attachment from someone you know or from a company or institution you work or deal with, do not hit ‘reply’ to the email even if your intentions are to check if it’s legitimate. Such action could put malware in motion. Instead, it’s worth giving the sender a quick phone call to make sure they intended to send you the email.
If it’s from someone you don’t know:
- Do not open or forward it
- Report it to your IT team
If you don’t know why you have been sent an email with an attachment from someone you’ve not dealt with previously, then there’s a high chance someone is trying to bait you to open the attachment.
Do not open it, reply to it, or forward it to anyone else. You should report it to your company’s IT team and follow their protocols. Generally, deleting the email and then emptying your ‘trash’ folder will remove the threat.
If you feel you have to view the information it contains, you could save it to your computer and manually scan the file using your anti-virus software. If the file is clean and doesn’t seem suspicious, you can open it.
Conclusion
Malware does not install itself.
Interacting with an unsafe email attachment by opening it, forwarding it or replying to it can set a chain of events in motion that can have serious consequences for you, your device and even your organisation.
However, by being more aware and vigilant, and by taking a few simple steps, it is possible for you to mitigate many of the risks from malware.
These are tips that everyone in your organisation should learn, particularly during this time of operational disruption when cybercriminals are most active.
Take a coordinated approach to cybersecurity and shore up your defences with cyber awareness workforce training from Phriendly Phishing. Book a demonstration with us today.