How-to: Avoid Dangerous Email Attachments
January 26, 2014
Email. It can’t really be ‘dangerous’ can it? Short of some bad news giving you a heart attack, no. But email attachments can harbour all kinds of nasties: trojans, worms, rogue executable code and other viruses. How do you know what’s safe to open? Even from people you know?
The trouble is, any type of file can be attached to an email, and whilst most mail servers run some sort of virus scanning and either remove or ‘quarantine’ suspicious emails, anti-virus software isn’t perfect. In this game, the buck stops with you; look after yourself and avoid loss of your data, money, identity and time.
Suspect email attachments are blunt weapons of mass destruction; indiscriminate. It doesn’t matter if you’re a targeted corporation or government department, bank, shop, business, or the retired old lady at the end of your street. So how do you spot the suspect package in your inbox?
Return to Sender
If you’re getting unsolicited mail and it has attachments in it, DON’T open them! Many a phishing and identity theft scam starts this way. Treat this like opening your front door to strangers.
If you do know the sender and the email comes with an attachment, unasked and unannounced, don’t assume they put it there. Don’t open it; reply and ask what it is. If they don’t know, definitely don’t open it! Email addresses can be hijacked and email isn’t immune to man-in-the-middle attacks injecting malware en route. Trust no one.
Legitimate companies such as Amazon, the postal service, couriers and your bank will never ask you to download an attachment from email. That’s not how trustworthy businesses work. Period. You might be asked to download files by technical support – but only when you yourself asked for it, right?
Start with the file extension. Unless you’re an IT wizard in the systems development business, you’re not going to request, or expect, most of the file types in this list. Anything ending with .exe is a Windows program that will run if you open it, doing who knows what. Most email services block .exe attachments with good reason.
Microsoft Office files are not immune to malware. The ubiquitous Word, Excel and PowerPoint produce .docx, .xlsx, and .pptx, which can contain harmful macros. Any Office document extension ending in ‘m’ is the accepted macro file type. So expect .docm, .xlsm, and .pptm to contain macros. If you didn’t ask for them, don’t run them.
Adobe Acrobat has received some malware attacks, however, so while .pdf files are generally safe, make sure you have the latest security patches. This is worth remembering with Microsoft Office, Internet Explorer and whatever version of Windows you’re running: apply the hotfixes and service packs.
In general, image files – .jpg, .png, .tif, .gif should be safe. Other macro-enabled files such as Illustrator .ai’s and others may not be.
Whilst you can’t run .zip, .rar, or .7z files directly, most PCs are set up to launch into some kind of archive manager – WinZip, 7-Zip or Windows file compressor. Before you know it, you’ve extracted the contents and tried to run an executable. Bam! Archives are a favourite means of circumventing security software, particularly encrypted archives which need a password to decrypt. It means the anti-malware programs can’t look inside them.
If you’re sent an encrypted archive and a password you didn’t request, don’t extract it.
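The extension rules above can also be checked automatically before a message reaches you. The following Python sketch is an added example, not part of the original post: it sorts a message's attachments into the categories described here and looks inside .zip files, holding any whose members carry the ZIP encryption flag. The function names, verdict strings and the sample message are constructed for illustration.

```python
import io
import zipfile
from email.message import EmailMessage
from pathlib import PurePosixPath

EXECUTABLE = {".exe"}                       # runs when opened
MACRO_OFFICE = {".docm", ".xlsm", ".pptm"}  # Office types ending in 'm'
ARCHIVE = {".zip", ".rar", ".7z"}

def triage(filename, payload=b""):
    """Return a verdict string for one attachment (verdict wording is made up)."""
    ext = PurePosixPath(filename).suffix.lower()
    if ext in EXECUTABLE:
        return "block: executable"
    if ext in MACRO_OFFICE:
        return "hold: macro-enabled Office file"
    if ext not in ARCHIVE:
        return "allow: no risky extension"
    if ext != ".zip" or not zipfile.is_zipfile(io.BytesIO(payload)):
        return "hold: archive not inspected"
    with zipfile.ZipFile(io.BytesIO(payload)) as zf:
        members = zf.infolist()
    # Bit 0 of a member's general-purpose flags marks it as encrypted.
    if any(m.flag_bits & 0x1 for m in members):
        return "hold: encrypted archive, scanner cannot look inside"
    risky = [m.filename for m in members if not triage(m.filename).startswith("allow")]
    return "block: archive contains risky file" if risky else "allow: archive contents pass"

def scan_message(msg):  # map each attachment name to its verdict
    return {p.get_filename(): triage(p.get_filename(), p.get_content())
            for p in msg.iter_attachments()}

def make_zip(names, encrypted=False):  # constructed sample archive
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"sample")
    data = bytearray(buf.getvalue())
    pos = data.find(b"PK\x01\x02") if encrypted else -1
    while pos != -1:  # set flag bit 0 by hand in each central-directory header
        data[pos + 8] |= 0x01
        pos = data.find(b"PK\x01\x02", pos + 4)
    return bytes(data)

def sample_message():  # constructed message with five attachments
    msg = EmailMessage()
    msg.set_content("see attached")
    for name, body in [("setup.exe", b"MZ"), ("budget.xlsm", b"x"), ("photo.jpg", b"x"),
                       ("docs.zip", make_zip(["a.txt", "run.exe"])),
                       ("secret.zip", make_zip(["a.txt"], encrypted=True))]:
        msg.add_attachment(body, maintype="application", subtype="octet-stream", filename=name)
    return msg
```

Calling `scan_message(sample_message())` returns one verdict per attachment. The sample "encrypted" archive only has the flag set; its contents are not actually encrypted.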
Company email and webmail services like Gmail, Outlook, or Yahoo! automatically scan incoming attachments for malware and will block or quarantine any suspect packages. Of course, you have the option to pull them out again, but this is your cue to exercise good judgement.
If you do download an email attachment and your desktop anti-virus program lights up in red, stop. There are not so many false positives that you can afford to ignore it. That’s why you got an anti-virus program in the first place, isn’t it?
So in reality, the biggest danger in email attachments isn’t the attachment – it’s your reaction to it. Most are only harmful if you let them out of the Inbox and into your machine. Be cautious. Be alert. We need more lerts. AJS
Image credit: Quarantine – by unknown, Creative Commons