In this article, you will learn how to detect malicious email attachments and how to protect yourself from being attacked by malicious software such as viruses, Trojans, or worms that spread via email on your home computer or corporate network. .
>
Most computer viruses are spread via email attachments. this is not surprising, since email has become one of the most important means of communication in recent decades. In a matter of seconds, you can make appointments, send documents, and handle private or business matters. however, as fast as communication works, enormous damage can be done.
basic rules for handling email attachments
By considering these three main rules, you can feel much more secure in your daily email communication.
-
Talk to the sender: To protect yourself if that program fails, you should always make sure that the attachment actually came from the person or institution that apparently sent it.
antivirus program: An antivirus program that is regularly updated and automatically recognizes some viruses and helps you detect problems. however, malware often simply passes those programs, especially when the viruses or Trojans are new and yet unknown to those programs. We recommend using only antivirus programs that are already built into the Windows (Defender) and MacOS (XProtect) operating systems. Due to the high quality of these, the benefit of third-party antivirus programs is controversial.
knowledge: it is useful to know some facts about the types of files and their extensions; Which ones are more dangerous than others? more on that later.
make sure you can trust the source of the attachment
You should always be aware of the fact that knowing the person or institution that sent you an email attachment is not enough. friends or businesses could have been victims of a data breach, which means the perpetrator could have misused the stolen data for their purpose. Even if there hasn’t been a data breach, it’s easy for cybercriminals to spoof email addresses. therefore, you should always double-check whether the person actually sent the attachment, perhaps with a quick call, email reply, or quick chat message.
And more importantly, you don’t often get unexpected attachments. if you bought a product, you wait for the invoice. if you get an attachment called “invoice”, but you’re not really sure what you’re supposed to have bought, just don’t click on it. curiosity in itself is a great quality because it broadens your horizon and puts us in contact with new things. but, in this context, curiosity can be quite harmful. Curiosity and fear of financial harm are probably the two basic human traits that make cybercrime flourish.
phishing in business emails: emotet
The malware emotet has been appearing in waves of attacks since 2014. The goal of this software is to cripple entire systems. in some cases, ransom demands are being made. emotet often spreads via macros in word files, which then load more malware. there are also versions where the attachments consist of a .zip file.
With each wave of attacks, the emails become more successful because they are strongly linguistically oriented towards the target group (companies and authorities). To do this, the senders are falsified in such a way that the e-mail gives the impression that it is an internal communication.
Which file types are less secure than others?
In addition to verifying the sender, you can also find out which types of files are more dangerous than others. In the list below, we will discuss some common file extensions and what types of files are most likely to be a host of malware, such as viruses, Trojans, and computer worms. many mail programs are blocking some extremely dangerous file types, such as file types with extensions .bat, .exe, .vbs, .com, .ade, .adp, .cpl, .wsc and many more.
text files
.txt this type is generally harmless. but, this notion has been exploited in the past. In the year 2000, the i-love-you computer worm spread rapidly through computers around the world, causing an estimated $10 billion in damage. this particular worm had a .txt.vbs extension, but most email programs did not display the latter extension. as a consequence, most people thought it was the harmless .txt extension. as soon as they clicked on the attachment, the computer ran the .vbs file, without testing for any attached malware. Due to that costly incident, it is no longer possible to send a .vbs file as an email attachment. this case shows how important it is that your email program displays all file extensions.
.pdf pdf files are also considered harmless. however, there have been many security holes in the most common program used to open pdf files: adobe reader. Due to those code vulnerabilities, it is possible to transport malware to your computer using pdf. As a consequence, even in the case of this relatively safe file type, it is very important to verify the sender.
.doc/.docx/.xls/xlsx/.ppt/.pptx to open office documents in email attachments is problematic due to the risk that they contain macro viruses. To protect yourself from such viruses, you need to make sure that the sender is actually the person who sent it to you. microsoft made a useful change starting with office 2007: from then on, files without macros have the ending .docx. a .docm file contains macros and should be handled with care. only with .doc files you can’t tell if it contains macros.
Our advice: If you receive an email with a .doc file attached, ask the sender to resend the file, for example as a .pdf.
image files
.jpg The .jpg extension is often used as camouflage for an executable program. therefore, it is important that your email program displays the full extension of the file.
compressed files
.zip/.rar compressed files may contain viruses that activate as soon as you extract them. you must trust the source of the email attachment, otherwise you must not open it.
audio files
.mp3 mp3 files are generally safe, but you still have to trust the source of the email that contains them.
.wav audio data in wav format, compared to mp3, is not compressed, which means that this type of file is more dangerous than mp3. it’s easier to hide malware in a wav file.
video files
.mpg/.mpeg/.avi/.wmv/mov/.ram we suggest not to open video files in html mails as it is easy to hide malware there.
executable files
.exe the .exe extension marks an executable file that can be activated on your computer as soon as you open it, which means that it can cause a lot of damage. such a file should never be opened if it is attached to an email. The good news is that many email providers, such as Gmail or Outlook, completely block emails containing attachments with this extension.
.html html is the standard language used to create web pages. in this format, Trojans and worms can be easily hidden. For this reason, many companies do not allow access to html emails on their servers.
detect dangerous email attachments
An additional level of security is uploading the data in question to the virustotal service. here, the content of the file is checked for malware. however, this test is not appropriate for files with sensitive or secret content because the data being reviewed is shared with antivirus software vendors.
If you follow these rules, the risk of getting malware through email, this convenient and indispensable means of communication, is greatly minimized. Strong antivirus software that’s always up to date, making sure you can always trust the source of the email, and some caution when dealing with problematic file types makes it more difficult for cybercriminals to spread malware via email.