This blog article is the last in our three-part series on ‘How to protect your PC from email attachment Malware’. In last week’s article, Part 2, we described the first 3 out of 5 steps that our FraudWatch International experts advise you to follow to decrease the likelihood of being infected by Malware via an email attachment. This article details the remaining two steps.
4/ Analyse the attachment
Reading the content of an email should be safe if you have the latest security patches, but email attachments can be harmful.
Identify the attachment. What type of file is it? Do you absolutely have to open it, or download it?
For example, if it’s a copy of a newspaper article, say from “The Age”, you might prefer to use a safer method to access the article: go directly to the website, and search for the topic of the article using the search bar on the Home Page.
Any type of file can be attached to an email. You can find out what type of file the attachment is by looking at the file extension. There are a number of file types to be particularly cautious about. Below are the main ones:
Executable program files (files with the .exe extension) are Windows programs, and should not be opened. Most email services and anti-virus software will block these attachments, but you can’t rely on this happening perfectly every time.
However, .exe is not the only dangerous file extension that can run code when executed. You should also be on the look-out for these potentially hazardous file extensions (Note: This is not an exhaustive list): .bat, .cmd, .com, .cpl, .hta, .jar, .js, .msi, .pif, .reg, .ser, .ubs, .wsf.
Office document extensions ending with an ‘m’ (.docm, .xlsm and .pptm) indicate that the files contain macros, which can potentially harm your system. Macros can be particularly dangerous in the wrong hands.
Important! Some companies legitimately use macro-enabled documents, so you’ll need to make a judgment call, as these types of email attachments are not always malicious.
The newest version of Microsoft Office has a built-in security feature, whereby it opens files in “Protected Mode”, so that you can view the content, but no macros will be run until you enable the document for editing.
Encrypted Archive Files
Whilst they are very useful for sending big files using minimum size and resources, or sending sensitive files in a more protected way, archive files with password-protection (or encryption) cannot be scanned by anti-virus software. This makes them a popular file type for cyber-criminals, who can use them to sneak malware attachments through to their targets undetected.
An email with a password-protected archive file attachment (.zip, .rar, or .7z) may contain malware, but then again it might also be safe. Were you expecting an archive file? You’ll need to judge it for yourself by assessing the sender and general email content.
You should only open attachment files that you know are safe. These may include: .jpg and .png (image files) or .docx, .xlsx and .pptx (document files). To be on the safe side though, always exercise good judgment and ensure that you have the latest security patches to stop malicious files infecting you via security holes in Adobe Reader or Microsoft Office.
PDFs are also a very popular malware file type. Toll accounts (like Citylink) have been spoofed, with hackers sending .pdf invoices advising users that their account had been suspended. If your version of Adobe Reader is not up-to-date, opening the .pdf attachment could infect your PC.
Be aware of fake file extensions. File extensions can be changed. Malware can sometimes have two file extensions, such as ‘virus.jpg.exe’. By default, Windows hides file extensions, and hackers might use this to their advantage. You might think you are opening an image file, but in fact you are running an executable file, which contains malware. Hackers may also change the icon of a file to trick you: the icon looks like a Microsoft Word document, but the actual attachment is an .exe file.
Handy Hint! You can use your webmail client’s preview features to view PDFs, documents, images and other types of files directly in your browser, which avoids actually downloading email attachments onto your computer.
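The checks in this step (risky extensions, macro-enabled Office files, disguised double extensions and password-protected archives) can also be automated in a mail-triage script. The Python below is an added example, not FraudWatch International's code; the function names, warning labels and sample message are constructed for illustration, and the executable set is a subset of the extensions named above.

```python
import io
import zipfile
from email.message import EmailMessage
from pathlib import PurePosixPath
# Extension sets drawn from the article's lists.
EXECUTABLE = {".exe", ".bat", ".cmd", ".com", ".cpl", ".hta", ".jar",
              ".js", ".msi", ".pif", ".reg", ".wsf"}
MACRO_ENABLED = {".docm", ".xlsm", ".pptm"}
ARCHIVES = {".zip", ".rar", ".7z"}
DECOYS = {".jpg", ".png", ".pdf", ".docx", ".xlsx", ".pptx"}

def triage(filename, data):
    """Return warning labels for one attachment (empty list = none raised)."""
    suffixes = [s.lower() for s in PurePosixPath((filename or "").strip()).suffixes]
    ext = suffixes[-1] if suffixes else ""
    flags = []
    if ext in EXECUTABLE:
        flags.append("executable")
        # 'virus.jpg.exe' shows as 'virus.jpg' when Windows hides extensions.
        if len(suffixes) > 1 and suffixes[-2] in DECOYS:
            flags.append("double-extension")
    elif ext in MACRO_ENABLED:
        flags.append("macro-enabled")
    elif ext in ARCHIVES:
        flags.append("archive")
        if ext == ".zip" and zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                # Bit 0 of an entry's general-purpose flags means "encrypted".
                if any(i.flag_bits & 0x1 for i in zf.infolist()):
                    flags.append("encrypted")
    return flags

def triage_message(msg):
    return {p.get_filename(): triage(p.get_filename(), p.get_content())
            for p in msg.iter_attachments()}

def build_sample():
    """Constructed test message; the zip is only *marked* as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("note.txt", "x")
    raw = bytearray(buf.getvalue())
    raw[raw.find(b"PK\x01\x02") + 8] |= 0x01  # set flag in central directory
    msg = EmailMessage()
    msg.set_content("See attached.")
    for name, data in [("virus.jpg.exe", b"MZ"), ("invoice.docm", b"PK"),
                       ("photo.png", b"\x89PNG"), ("docs.zip", bytes(raw))]:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg
```

An empty result only means none of these name-based checks fired; the file's contents still need scanning and the sender still needs assessing.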
5/ Always be cautious
When it comes to email attachments, you should exercise extreme caution and assume the worst.
It never hurts to be extra careful. Being reasonably suspicious of emails is actually smart and healthy for your PC. If it feels like a scam email, then it probably is.
Email attachments can be dangerous for anyone, because cyber-criminals are not picky about their targets. Spear-phishing campaigns often aim at high-value corporate and government targets, using email attachments to take advantage of previously unknown security vulnerabilities. However, home users are just as vulnerable because of security flaws in the software they use on their PCs.
If you apply the recommendations from FraudWatch International’s experts, you will dramatically decrease the probability of your PC being infected by Malware through a harmful email attachment.
The advice every IT professional will give you is to keep your eyes open for anything suspicious, use common sense, and don’t be in a rush to open all of your emails and download the attachments.