Emails are a central pillar of modern communication. But emails can be dangerous too. A rogue email could be used to infiltrate or otherwise harm your computer. Any type of file (including executables) can be attached to an email as long as it doesn’t exceed the file size limit. Most email servers will scan attachments for malware and strip away suspicious files in order to satisfy their organization’s IT security audit requirements.
Nevertheless, attackers are constantly looking for new ways of getting past this first line of defense. So just because an attachment was deemed okay by your server’s antivirus doesn’t necessarily mean it’s clean. It’s important that email users understand the warning signs of malware so they can take the necessary precautions.
Here are some of the ways you can identify dangerous email attachments.
1. File Extensions
The easiest and oldest method of identifying risky attachments is by file extension. The extension tells you what type of file it is. The most dangerous files are executables (such as .exe files). Most email servers will block .exe files by default.
Nevertheless, the focus on .exe files has often obscured the wide range of file extensions that shouldn’t be allowed through. These include .com, .bat, .msi, .cmd, .scr, .hta, .pif, .vbs, .reg, .cpl, .jar, .wsf, .js and more. Even this list isn’t exhaustive. Watch out for Microsoft Office documents that contain macros (.docm, .pptm, and .xlsm).
Since the list of potentially risky file extensions is so large and ever-growing, err on the side of caution: don’t download or open any file whose extension you don’t recognize.
2. Encrypted Archives
To hide the content of the attachment from email filters, an attacker may send you the file within an encrypted archive (i.e. a password-protected .7z, .rar or .zip file). To get at the files, you have to download the archive and extract its contents using the password supplied. The encryption prevents antivirus programs and email scanners from examining the attachment’s contents.
Of course, encrypted archives are often used to securely email sensitive documents. So encryption shouldn’t be the only reason you consider an attachment dangerous. Use your judgement to evaluate whether there are other aspects of the message that you aren’t comfortable with.
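The checks from sections 1 and 2, as an added Python example that is not part of the original article: it parses a raw message, flags the extensions listed above by each attachment's final extension, and detects password-protected ZIP files from the archive's header flag without needing the password. The function names and the sample message are constructed for illustration; only .zip is inspected because Python's standard library does not read .7z or .rar.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

RISKY = {".exe", ".com", ".bat", ".msi", ".cmd", ".scr", ".hta", ".pif",
         ".vbs", ".reg", ".cpl", ".jar", ".wsf", ".js"}  # article's list, not exhaustive
MACRO = {".docm", ".pptm", ".xlsm"}  # macro-enabled Office formats

def last_ext(filename):
    """Final extension, lower-cased, so 'invoice.pdf.exe' yields '.exe'."""
    return os.path.splitext(filename.strip().rstrip(". ").lower())[1]

def zip_is_encrypted(data):
    """True if any ZIP member has general-purpose flag bit 0 (encrypted) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:  # named .zip but not actually a ZIP
        return False

def triage(raw):
    """Map each attachment's filename to the list of reasons it was flagged."""
    findings = {}
    for part in message_from_bytes(raw, policy=policy.default).iter_attachments():
        name = part.get_filename() or "(unnamed)"
        ext, reasons = last_ext(name), []
        if ext in RISKY:
            reasons.append("executable or script extension " + ext)
        if ext in MACRO:
            reasons.append("macro-enabled Office document")
        if ext == ".zip" and zip_is_encrypted(part.get_payload(decode=True) or b""):
            reasons.append("encrypted archive, contents hidden from scanners")
        findings[name] = reasons  # an empty list means nothing was flagged
    return findings

def sample_message():
    """Constructed sample; the ZIP's flag bit is forced on, nothing is really encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(zipfile.ZipInfo("report.txt"), "placeholder")
    z = bytearray(buf.getvalue())
    z[z.find(b"PK\x01\x02") + 8] |= 0x1  # central-directory flags, bit 0
    msg = EmailMessage()
    msg.set_content("See attached.")
    for name, data in (("invoice.pdf.exe", b"MZ"), ("docs.zip", bytes(z)), ("notes.txt", b"hi")):
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Calling `triage(sample_message())` flags the disguised executable and the archive and leaves the plain text file with an empty list. As the article says, an encrypted archive on its own is a reason to look closer, not proof of malice.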
3. The Sender
Just looking at who sent the email can help you judge whether it’s malicious. A sender you’ve never seen before is a red flag. Nevertheless, an email attachment may be dangerous even when the sender is known to you. Some viruses infiltrate email clients and send messages without the user’s knowledge.
The rule of thumb is that you should not download or open any attachment from an unfamiliar sender. If it looks like a credible email, look for the person’s or company’s phone number (don’t use the contact information in the email though) and confirm directly with them that they did indeed send the attachment.
The message may be legitimate; you simply may not have been properly introduced to the sender yet. A good example is the teams formed as part of a large new project at work.
4. Email Content
The content of an email can tell you that something is a bit off. If the phrasing is awkward, it may have been auto-generated by a virus or it could be the incoherent wording of a hacker halfway around the world.
You should be wary of any email that asks you to wire money abroad through Western Union. Look out for emails that seek to appeal to your emotions (such as urging you to forward the email to everyone in your address book in order to receive a spiritual or monetary benefit).
Also, watch out for spoofing: an email that looks like it’s from your bank may not actually be from your bank, especially if it asks you for your online banking password.
A malware infection can have a profoundly negative impact on your electronic data. That’s why you should exercise caution and always brace for the worst. Even when an attachment ticks all the right boxes, don’t download it unless you need to. Where your email client allows it, you can preview office documents, images, and PDF files rather than downloading them. Overall, if you have any doubt about the purpose of an attachment, don’t open it.