How To Spot Potentially Dangerous Email Attachments
Reading the contents of an email should be safe if you have the
latest security patches, but any type of file can be attached to an
email, and some can be dangerous, including .exe program files. Many
email servers will perform virus scanning and remove potentially
dangerous attachments, but you can’t always rely on this. Look for
some of the common warning signs so you can avoid viruses, worms, and
trojans.
So-called “phishing campaigns” go after high-value corporate
and government targets and use email attachments to take advantage of
previously unknown security vulnerabilities, but email attachments can be
dangerous to anyone.
File Extensions That Should “Raise The Red Flag”
The easiest way to identify whether a file is dangerous is by its
file extension, which tells you the type of file it is. For example,
a file with the .exe file extension is a Windows executable program
and should not be opened. Many email services will block these types
of attachments.
However, .exe isn’t the only type of dangerous file extension.
Other potentially dangerous file extensions that can run code
include .msi, .bat, .com, .cmd, .hta, .scr, .pif, .reg, .js, .vbs,
.wsf, .cpl, and .jar, to name the more common ones.
This is not an all-inclusive list — there are many different file
extensions in Windows that will run code on your computer when
executed.
Office files with macros can also harbor potentially dangerous code.
If an Office document extension ends with an m, it can — and probably
does — contain macros; i.e., .docx, .xlsx, and .pptx should be safe,
while .docm, .xlsm, and .pptm can contain macros that could be
harmful.
Some businesses use macro-enabled documents, so in the event that it
may be a legitimate email attachment, you’ll have to exercise your
own judgment.
In general, you should only open attachments that you
know are safe. Image files such as .jpg and .png should be safe.
Document files with the extensions .pdf, .docx, .xlsx, and .pptx
should also be safe — although it’s important to have the latest
security patches so malicious types of these files can’t infect you
via security holes in Adobe Reader or Microsoft Office.
Compressed Files, Especially Encrypted Ones
In an attempt to get around email filters, someone may email
you malicious file attachments compressed in an archive —
especially an encrypted one. You may receive an email with a .zip,
.rar, or .7z file and its password, in which case you would need to
download the archive file and extract its contents with the password
to access them.
The password-protection — or encryption — on the archive
prevents email scanners and anti-virus programs from detecting the
malicious nature, so it’s very possible that the archive could
contain malware or a virus. Password-protected archives are also an
effective way to email sensitive files, so you will need to use your
judgment once again as to whether it could be a legitimate email.
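The extension and archive checks described in the two sections above, as an added Python example that is not part of the original article: it sorts a message's attachments using the extension lists given here and looks inside .zip files, where member names usually remain readable even when the contents are password-protected. The function names and the sample email are constructed for illustration.

```python
import io, os, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
# Extension lists come from the article, which notes they are not exhaustive.
KINDS = {e: "runs-code" for e in (".exe", ".msi", ".bat", ".com", ".cmd",
         ".hta", ".scr", ".pif", ".reg", ".js", ".vbs", ".wsf", ".cpl", ".jar")}
KINDS.update({e: "macro-enabled" for e in (".docm", ".xlsm", ".pptm")})
KINDS.update({e: "archive" for e in (".zip", ".rar", ".7z")})

def flag_name(name):
    """Classify a file name by its final extension; None if not listed."""
    return KINDS.get(os.path.splitext(name.lower().strip())[1])

def inspect_zip(data):
    """List encrypted members and risky member names inside a zip."""
    try:
        members = zipfile.ZipFile(io.BytesIO(data)).infolist()
    except zipfile.BadZipFile:
        return [("unreadable-archive", "")]
    out = []
    for m in members:
        kinds = ["encrypted"] if m.flag_bits & 0x1 else []  # bit 0 = encrypted
        out += [(k, m.filename) for k in kinds + [flag_name(m.filename)] if k]
    return out

def triage(raw_message):
    """Return (attachment, finding, member) tuples for one raw email."""
    report = []
    msg = message_from_bytes(raw_message, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        if flag_name(name):
            report.append((name, flag_name(name), ""))
        if name.lower().endswith(".zip"):
            data = part.get_payload(decode=True) or b""
            report += [(name, f, member) for f, member in inspect_zip(data)]
    return report

def constructed_sample():
    """Constructed email: a zip with its encryption flag set by hand, plus an .xlsm."""
    with zipfile.ZipFile(buf := io.BytesIO(), "w") as zf:
        zf.writestr("invoice.js", "placeholder")
    z = bytearray(buf.getvalue())
    z[z.index(b"PK\x01\x02") + 8] |= 1  # flag bit in the central directory entry
    msg = EmailMessage()
    msg.set_content("The password is in this email.")
    kw = {"maintype": "application", "subtype": "octet-stream"}
    msg.add_attachment(bytes(z), filename="invoice.zip", **kw)
    msg.add_attachment(b"x", filename="report.xlsm", **kw)
    return msg.as_bytes()
```

Calling triage(constructed_sample()) reports the archive, its encrypted member, the script name inside it, and the macro-enabled spreadsheet. The .rar and .7z formats are only flagged by name because the standard library cannot open them.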
Know The Sender?
Looking at who an email was sent by can help you identify whether
an email attachment is malicious or not. Be warned: an attachment can
be malicious even if you know the sender! If their computer has
become infected, a malware program may send you emails from their
email address, disguised as emails they would send.
If you get an email from someone you don’t know with a
questionable-looking attachment, it’s probably malware. If you
receive a macro-enabled Office document from someone you’re not
expecting one from, exercise extreme caution.
On the other hand, if your boss tells you in person that he/she
will email you a macro-enabled Excel spreadsheet and you get an email
from him/her with an .xlsm file later that day, the attachment is
probably safe.
If you’re not sure whether someone sent you a suspicious-looking
email attachment, you may want to give them a phone call or ask them
in person. If they didn’t send the attachment, they’ll appreciate
the warning that their computer is infected or their email address
has been hijacked.
The Email Itself
The email contents can also offer clues. If you get an email from
someone you know and something seems not quite right, it may be
written by malware or a hijacker. Such emails could also be phishing
emails without any dangerous attachments, though a reply from you
could be dangerous. For example, if you get an email from someone you
know saying they’re trapped and need you to wire some money with
Western Union, this could easily be a phishing attempt.
If you get an email from FedEx or UPS and it asks you to download an
email attachment and run it, that’s another red flag. Legitimate
businesses will never ask you to download and run programs attached
to an email.
Chain-mail
Although not usually directly malicious, these are widely used for
email address harvesting, which allows spammers to start sending
unsolicited offers to huge volumes of accounts that they now know are
real accounts. These are the ones that ask you to please forward the
email to your friends, or “xx” number of friends to “see something
great”. You can reduce the amount of spam email you get by not
falling into the Chain-mail loop.
Anti-virus Alerts
If you’re using a web-mail service like Gmail, Yahoo!, or AOL,
your web-mail service will automatically scan incoming attachments
for malware and inform you if the attachments are dangerous. If you
see such a warning that an attachment is malicious, you should not
download it! The text of the email may ask you to ignore any problems
and assure you that the attachment is actually fine, but this would
likely be a trick.
If you download an email attachment and your desktop anti-virus
program flags it, stop right there. Don’t click through the warning
and run it anyway — trust your anti-virus program; that’s why you
have it.
Bear in mind, however, that anti-virus programs aren’t perfect and
they will miss things occasionally, so you can’t only rely on your
anti-virus. An attachment could be dangerous even if your anti-virus
does not flag it.
Exercise Healthy Suspicion
When it comes to email attachments, you should exercise extreme
caution and assume the worst. Don’t actually download or run an
attachment unless you have a good reason to believe it is ok to do
so. If you’re not expecting an attachment, treat it with healthy
suspicion. If it’s an image attachment, that’s probably okay, and
PDFs should be okay if you have the latest security updates, too,
but if you’re not sure what something is, you should not run it.
Your web-mail client’s preview features can also help. You can
preview PDF files, documents, images, and other types of files in
your browser without actually downloading them to your computer.
Knowledge of what you see in front of you and the ability to
analyze it before acting on it can keep you, and potentially all
the people you send emails to, just a bit safer on the internet.