Unsafe Email Attachments | Phishing

Dangerous email attachments are a common method used in phishing schemes to trick a victim into downloading malware to their device.

Although files may appear innocent, did you know that almost any file type can house dangerous malware that can infiltrate, steal, and corrupt your data?

Spotting dangerous email attachments

Generally speaking, you shouldn’t open any attachments when you are not completely sure of the content or have doubts about the sender. However, as phishing schemes become more and more advanced it is becoming ever easier to fall into the traps they set; but by educating yourself on the tactics used by cybercriminals you can avoid becoming victim to one.

Here are a few file types to watch out for and why:

.exe files
.exe is the abbreviation for an executable file and is one of the most popular forms used by hackers. It’s common for someone to encounter a genuine .EXE file online as they are used for most programme installations, but when encountered in an unsolicited or suspicious email it’s best to delete it.

Compressed files
Compressed files are designed to reduce the file size of attachments, so there are plenty of genuine circumstances in which someone may encounter a ‘zipped’ folder. The problem doesn’t lie with the compressed file itself, but with the contents. Compressed files can hide a variety of unwanted programmes aiming to infect your device, so if you are unsure of the sender or weren’t expecting any large files that would require compression – do not open!

ISO files
ISO files are used to make a copy of everything on a disc and are used legitimately to distribute operating systems to new devices. There is no real reason why someone would send you an ISO file without malicious intent, so if you spot this file you must delete the email immediately and notify your IT security team.

Installers
Much like .exe files, installers are a part of everyday online life. Any email that contains an installer file (.msi, or .dmg on a Mac) should be deleted as it is highly unlikely that anyone legitimate would send one as an attachment.

Office documents
Receiving office documents (.doc, .xls, etc) are a common part of the workday for the majority of people, therefore it wouldn’t be out of place to see one attached to an email – even from an unknown source. But hidden inside these seemingly innocent files could be embedded malware aiming to steal personal data or corrupt your device. Always exercise caution when opening documents from unknown sources, and read the email thoroughly – are they demanding something? Have they misspelt a familiar person or business’ name? These are all key indicators that an email is less than genuine.

Protecting your devices

Informing yourself and your team of the ways in which hackers may try to infiltrate your device is the first step towards protecting your network, but you can’t rely on personal vigilance alone.

There are various forms of phishing and spam protection that you can implement to make sure malicious emails never reach your inbox. Get in touch with one of our RedSpam specialists and find out how we can help protect your network from dangerous emails.