If an attacker manages to get an employee to download and open a malicious file sent as an email attachment, it opens the door to a variety of scenarios that are incredibly damaging to your business: data theft, fraudulent wire transfers, and sensitive information leaks are just some of the possibilities. Given the stakes, it’s not an exaggeration to say that email security is more important than ever.
Although it may be tempting to simply ask what types of email attachments are generally safe to open, the answer is not that simple.
Let’s start with some common warning signs of an email that may harbor a malicious threat.
File names with double extensions
Giving an email attachment a misleading filename isn’t a new tactic by any means, but you’d be surprised how often hackers get away with it. This can be as simple as adding what appears to be an innocuous file type extension just before the actual extension in the hope that the potential victim will miss it with a cursory glance.
For example, naming an .exe file something like file.txt.exe so that it appears to be a .txt file is a common method. It is relatively easy for someone to hover over the file, see a .txt in lowercase letters somewhere in the name and assume it’s OK to open it.
Suspicious sender addresses
Another favorite tactic of hackers is to mask their email addresses with fake addresses that appear to be official. This can be in the form of a first and last name, or a company name, such as Facebook. However, when you click on the sender’s details, you’ll see that the sender’s address is something else entirely. Emails with spoofed sender addresses are notorious for encouraging recipients to click on a link or download a supposedly safe attachment.
Sometimes a bogus offer in the form of a deal or gift from what appears to be a well-known company can get past your email server’s spam filters. These emails often contain links that redirect you to a fake website that tries to lure you into submitting your login credentials. However, some still come with email attachments that contain misleading names.
It’s also not uncommon to see these emails with the name of a cybersecurity company imploring you to download “virus protection software” that is literally the virus itself.
Steps your organization should already be taking for email security
Your organization must have robust email filtering systems that can scan and categorize incoming and outgoing email traffic. Filters should be able to block or redirect spam emails to a separate inbox and away from the main inbox.
Outbound filters can ensure that employee emails adhere to company rules and regulations, while also catching any emails with malicious content that a compromised account may be sending without its owner knowing it.
Before an email can be filtered, it must first be able to pass through a firewall. Email firewalls can scan emails for viruses and malware and prevent them from reaching an employee’s inbox. They can also scan incoming email associated with multiple accounts using different domain names and provide customization tools that allow IT teams to block certain domains and allow others through. Email firewalls are essential for capturing and blocking emails containing threats like ransomware before they reach your inbox.
Not even the best firewalls and filters are guaranteed to block all potential malicious emails from reaching your organization. Employee education and adherence to best practices are also an important part of the equation. A very effective tool that you should take advantage of for email security is the phishing test.
These programs allow IT teams to send a realistic (but fake) phishing email to employees to see how they respond. IT teams can then use employee response to measure the effectiveness of training programs and guidelines intended to help employees properly identify and respond to phishing emails.
Are email attachments safe?
While it’s always best to scan any attachment, especially if it’s from a sender you’re unfamiliar with, there are certain types of files that can be considered relatively “safe.” These include media files like .mp3, .m4a, .mpg, .wav, .gif and .jpeg, and simple document files like .txt.
However, as mentioned above, it’s always recommended to double check the filename to make sure there isn’t a misleading extension. If in doubt, run a scan on the attached file before opening it.
Email Attachments You Should Normally Avoid Opening
Unless you’re sure what they are and who they came from, file extension types like .exe, .dmg, .zip and .rar should be considered dangerous to open. Any of these extensions could contain a program that can infect a computer or network with ransomware or other attacks simply by opening them.
Some of the more surprising file types to avoid include .pdf files, which can support scripting and remote loading, and even .vibe files as they can deliver malicious payloads and exploit weaknesses in audio players. Other files to avoid include .html, .msg and .eml attachments due to their tendency to be used for phishing attempts.
MS Office Documents
Microsoft Office files can serve as the perfect delivery container for malware. After all, Microsoft Office Suite is a very popular software suite used by thousands of businesses every minute of every day, so most recipients won’t think twice about downloading a file with an extension like .doc, .xls, or .ppt.
Unfortunately, Office files can contain “macro” viruses written in the same language as programs like Word and Excel, which are activated when you click the Enable Content button to edit the file.
It’s worth noting that Microsoft recently began blocking web-provided Office files with macros by default, which has led to a 66% decrease in Office-related macro phishing attempts. This, in turn, has led to a corresponding increase in .I like this, .imgY .M: Yes file-related attempts, so be sure to avoid those as well.
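The filename and sender warning signs described above can be checked automatically at the mail gateway or in a triage script. The following Python is an added example, not part of the original article: the extension sets follow the article's lists, while the brand-to-domain map, the function names and the sample message are constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from pathlib import PurePosixPath

# Extension sets follow the article's lists; tune them to local policy.
HIGH_RISK = {".exe", ".dmg", ".zip", ".rar"}
CAUTION = {".pdf", ".html", ".msg", ".eml", ".doc", ".xls", ".ppt"}
LOW_RISK = {".mp3", ".m4a", ".mpg", ".wav", ".gif", ".jpeg", ".txt"}

def triage_filename(name):
    """Return warnings for one attachment filename (empty list = none)."""
    # Normalise case, stray whitespace and trailing dots before splitting.
    suffixes = [s.strip().lower() for s in PurePosixPath(name.strip(" .")).suffixes]
    if not suffixes:
        return ["no extension"]
    final = suffixes[-1]
    label = "high-risk" if final in HIGH_RISK else "caution" if final in CAUTION else "unlisted"
    warnings = [] if final in LOW_RISK else [f"{label} type {final}"]
    # Double extension: a familiar extension sits just before the real one.
    if len(suffixes) > 1 and suffixes[-2] in LOW_RISK | CAUTION and final not in LOW_RISK:
        warnings.append(f"double extension {suffixes[-2]}{final}")
    return warnings

def display_name_mismatch(from_header, brands):
    """True if the display name names a brand but the address is outside its domain."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    for brand, legit in brands.items():  # brands: hypothetical name -> domain map
        if brand.lower() in display.lower():
            return not (domain == legit or domain.endswith("." + legit))
    return False

def triage_message(raw, brands):
    """Return (sender_spoofed, {attachment filename: warnings}) for a raw message."""
    msg = message_from_string(raw, policy=policy.default)
    names = [p.get_filename() or "" for p in msg.iter_attachments()]
    return display_name_mismatch(str(msg["From"]), brands), {n: triage_filename(n) for n in names}

def sample_message():  # constructed test message, not from a real campaign
    m = EmailMessage()
    m["From"] = '"Facebook Security" <alerts@mail.example.net>'
    m.set_content("See attached.")
    m.add_attachment(b"placeholder", maintype="application", subtype="octet-stream",
                     filename="file.txt.exe")
    m.add_attachment("hello", filename="notes.txt")
    return m.as_string()
```

Only the final extension decides how the operating system treats the file, which is why the check classifies on the last suffix and reports the preceding one separately.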
When in doubt, always play it safe
In the event that a potentially malicious or suspicious email lands in a primary inbox, it’s always best to check with the person who sent it, especially if they’re inside or working with your organization. Employees should be encouraged to be careful with all attachments and remain vigilant when examining return addresses and scanning attachments.
The cyber insurance market has responded to the security threat of employee error in multiple ways, including actual risk transfer and value-added services that can aid in incident mitigation and response.