How to identify a malicious email attachment

December 07, 2020

Email remains one of our primary methods of communication. Unless you obtain your own domain, email is free to use. Using it is easy; and soon, IT titans like Google will integrate other apps into their email service, turning it into a one-stop communications and collaboration hub.

In short, email won’t lose relevance anytime soon and may even grow to become more indispensable than ever before. This will make it even more likely to be used by cybercriminals to spread nasty malware such as spyware and ransomware.

Therefore, being able to recognize a malicious email attachment is a valuable skill everyone in your organization must have. Here are tips worth sharing from the top down:

Check out the file extension

At the end of each file name is a file name extension — a combination of letters preceded by a dot. The extension indicates the file’s type and is sometimes either an acronym or an abbreviation. For example, .wma is for Windows Media Audio files, .png is for Portable Network Graphics files, and .mov is for QuickTime Movie files.

A prime example of email attachments that you must never download are .exe files. These are Windows executable files, and malicious ones install programs such as adware, spyware, and keyloggers onto your device. Because of this, most email programs automatically block .exe files, along with .ade, .adp, .bat, .com, .cpl, .js, .msi, .wsc, .wsf, .vbs, and many more.


However, hackers will keep seeking ways to circumvent attack prevention methods. They’ll use Microsoft Office files that look harmless but carry macros — mini-programs inside the file — that infect your machine with malware. Office files that contain macros have extensions that end in m (e.g., .docm, .pptm, and .xlsm), so if you receive such an attachment from a colleague or client, contact that person to confirm that they indeed meant to send you a file with a macro in it.

Cybercriminals can also hide their malware in archive files such as .zip, .rar, or .7z. These are containers that hold compressed files, and the malware scanners in some email apps do not look inside them, so the bad software slips through. If you decide to download an archive file and it asks you to enter a password, cancel the download and go offline until a full anti-malware scan clears your machine. Likewise, if an Office attachment prompts you to “enable content,” do not do it, as this will most likely launch the macros that install malware onto your system.

Verify the sender

Fraudsters use display names of legitimate persons, but some give themselves away by using email domains that don’t match the organization they’re pretending to be from. Others are wilier: they replace a lowercase “l” with an uppercase “I” or use three o’s instead of just two. If the sender’s email address is suspicious, mark it as spam and never download the attachments that come with the email.

However, do keep in mind that real email addresses can be hijacked by hackers. So just like with macro-laced attachments, be distrustful of files that you didn’t solicit, that don’t make sense in a normal context, or that are suspicious for even the most trivial of reasons. Verify that you were really meant to receive the files by calling the purported sender, not by replying to the email. Email won’t work here, since the hijacker may be the one who responds to you.
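As an added example (not from the original post or from Graphus), a small Python triage script that applies the checks above to one message: it flags the blocked and macro-enabled extensions the article lists, archive containers, and a sender domain that only matches the expected one after the look-alike substitutions (capital I for lowercase l, extra o’s) are collapsed. The message it parses is constructed; the domain `example-corp.com` and all function names are assumptions.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr
from pathlib import PurePosixPath

# Extension lists from the article; real mail clients block many more than these.
BLOCKED_EXT = {".exe", ".ade", ".adp", ".bat", ".com", ".cpl", ".js", ".msi",
               ".wsc", ".wsf", ".vbs"}
MACRO_EXT = {".docm", ".pptm", ".xlsm"}   # macro-enabled Office formats
ARCHIVE_EXT = {".zip", ".rar", ".7z"}     # containers some scanners do not open

def skeleton(domain):
    """Collapse the look-alike tricks described above (capital I for l, extra o's)
    so that a spoofed domain and the genuine one compare equal."""
    return re.sub(r"o{2,}", "oo", domain.lower().replace("i", "l"))

def triage(raw_message, trusted_domain):
    """Return a list of findings for one RFC 5322 message; empty means nothing flagged."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    domain = parseaddr(str(msg["From"] or ""))[1].rpartition("@")[2].lower()
    if domain != trusted_domain.lower():
        kind = "look-alike" if skeleton(domain) == skeleton(trusted_domain) else "mismatched"
        findings.append(f"{kind} sender domain: {domain}")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = PurePosixPath(name).suffix.lower()  # last suffix: "invoice.pdf.exe" -> ".exe"
        if ext in BLOCKED_EXT:
            findings.append(f"{name}: executable type {ext}")
        elif ext in MACRO_EXT:
            findings.append(f"{name}: macro-enabled Office file, confirm with the sender")
        elif ext in ARCHIVE_EXT:
            findings.append(f"{name}: archive, contents may not have been scanned")
    return findings

def build_sample():
    """Constructed message (not a real phish): look-alike sender plus a .docm attachment."""
    m = EmailMessage()
    m["From"] = "Accounts Payable <billing@exampIe-corp.com>"  # capital I, not lowercase l
    m.set_content("Please open the attached invoice.")
    m.add_attachment(b"not a real document", maintype="application",
                     subtype="vnd.ms-word.document.macroEnabled.12", filename="invoice.docm")
    return m.as_string()

if __name__ == "__main__":
    for finding in triage(build_sample(), "example-corp.com"):
        print(finding)
```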

Go through the content of the email

Refrain from downloading attachments without first checking the subject line and reading the body of the email. If the email is purportedly from a government agency, nonprofit, or well-known company, check for misspellings, typos, and bad grammar, as these are signs of a fraudster at work.

At other times, the content is well-written, but it’s not something that the sender would normally send. Of course, it must be said that there are fraudsters who are clever enough to write impeccable emails that have the correct context. In this case, you’ll need something smarter to help you out.

To help secure your email against threat actors who are smartening up, use a security solution that will always be smarter than them: [company_short]. Experience for yourself the protection that our AI-powered tools can provide you by availing of our FREE demo.

Stay safe from even the most sophisticated cyberattacks and social engineering scams

Put the powerful TrustGraph® AI of Graphus to work for your business, and in minutes you’ll get a powerful, easy-to-use, and customizable EmployeeShield® against phishing attacks.