Looking for Dangerous Email Attachments
John M. Haddad
Every day we hear of computers becoming infected with computer viruses because we simply trust every email, especially from our friends, family and co-workers. We easily let our guard down and click an attachment without giving it a second thought.
Emails can be dangerous. Reading the contents of an email should be safe if you have the latest security patches, but email attachments can be harmful. Any type of file can be attached to an email, including .exe program files. Many email servers will perform virus scanning and remove potentially dangerous attachments, but you can’t rely on this. Look for the common warning signs so you can avoid viruses, worms, and Trojans.
Dangerous File Extensions
The easiest way to identify whether a file is dangerous is by its file extension, which tells you the type of file it is. For example, a file with the .exe file extension is a Windows program and should not be opened. Many email services will block such attachments.
However, .exe isn’t the only type of dangerous file extension. Other potentially dangerous file extensions that can run code include: .msi, .bat, .com, .cmd, .hta, .scr, .pif, .reg, .js, .vbs, .wsf, .cpl, .jar and more. This is not an exhaustive list — there are many different file extensions in Windows that will run code on your computer when executed.
Office files with macros are also potentially dangerous. If an Office document extension ends with an “m”, it can — and probably does — contain macros. For example, while .docx, .xlsx, and .pptx should be safe, extensions such as .docm, .xlsm, and .pptm can contain macros and can be harmful. Of course, some businesses use macro-enabled documents, so you have to exercise your own judgment.
In general, you should only open attachments with file extensions that you know are safe. For example, .jpg and .png are image files and should be safe. .pdf, .docx, .xlsx, and .pptx are document files and should also be safe. It is extremely important to have the latest security patches so malicious types of these files can’t infect you via security holes in Adobe Reader or Microsoft Office.
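The extension checks described above can be automated when triaging a saved message. The following is an added example, not part of the original article: it parses a message with Python's standard email module and sorts each attachment into one of the article's three groups. The function names, verdict labels and the sample message are constructed for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the article lists as able to run code (its list is not exhaustive).
EXECUTABLE_EXTS = {".exe", ".msi", ".bat", ".com", ".cmd", ".hta", ".scr",
                   ".pif", ".reg", ".js", ".vbs", ".wsf", ".cpl", ".jar"}
# Macro-enabled Office formats named in the article.
MACRO_EXTS = {".docm", ".xlsm", ".pptm"}
# Types the article describes as normally safe on a patched system.
USUALLY_SAFE_EXTS = {".jpg", ".png", ".pdf", ".docx", ".xlsx", ".pptx"}

def classify(filename):
    """Return a verdict label (labels are this example's own) for a filename."""
    # Windows treats extensions case-insensitively, so compare in lower case.
    ext = os.path.splitext(filename.strip().lower())[1]
    if ext in EXECUTABLE_EXTS:
        return "block"
    if ext in MACRO_EXTS:
        return "review"          # may be legitimate in some businesses
    if ext in USUALLY_SAFE_EXTS:
        return "usually-safe"    # still depends on up-to-date patches
    return "unknown"             # not sure what it is: do not run it

def scan_message(raw):
    """Parse raw message bytes and return [(filename, verdict), ...]."""
    msg = message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        results.append((name, classify(name)))
    return results

def build_sample():
    """Constructed sample message with placeholder attachment contents."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    for name in ("photo.jpg", "report.docm", "Setup.EXE", "notes.xyz"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()):
        print(f"{name:15} {verdict}")
```

A "usually-safe" verdict only reflects the extension; as the article notes, the sender and the antivirus result still matter.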
Pay attention to the Sender
Looking at who an email was sent by can help you identify whether an email attachment is malicious or not. Beware: an attachment can be malicious even if you know the sender! If they’ve become infected, a malware program may send you emails from their email address, disguised as emails they’d send.
If you’re not sure whether someone sent you a suspicious-looking email attachment, you may want to give them a phone call or ask them in person. If they didn’t send the attachment, they’ll appreciate the warning that their computer is infected or their email address has been hijacked.
Look at the Email Itself
The email’s contents can also offer clues. If you get an email from someone you know and something seems a bit off, it may be written by malware or a hijacker. Such emails could also be phishing emails without any dangerous attachments — for example, if you get an email from someone you know saying they’re trapped and need you to wire some money with Western Union, this could easily be a phishing scam.
If you get an email from FedEx or UPS and it asks you to download an email attachment and run it, that’s another red flag. Legitimate businesses will never ask you to download and run programs attached to an email.
Pay attention to Antivirus Alerts
If you are using a cloud-based webmail service like Gmail, Outlook.com, or Yahoo! Mail, your webmail service will automatically scan incoming attachments for malware and inform you if the attachments are dangerous. They typically do a great job of catching emails that even we can’t catch with the human eye. Of course, if you see a warning that an attachment is malicious, you should not download it! The text of the email may ask you to ignore any problems and assure you that the attachment is actually fine, but this would likely be a trick.
If you are running a desktop antivirus program and it flags an email attachment as a potential virus, don’t ignore the warning and run it anyway. Trust that your antivirus program is doing its job. Of course, antivirus programs aren’t perfect. They’ll miss things occasionally, so you can’t only rely on your antivirus. An attachment could be dangerous even if no antivirus flags it.
In summary, be vigilant
When it comes to email attachments, you should exercise extreme caution and assume the worst. Don’t actually download or run an attachment unless you have a good reason to do so. If you’re not expecting an attachment, treat it with healthy suspicion. If it’s an image attachment, that’s probably okay. PDFs should be okay if you have the latest security patches, too. But if you’re not sure what something is, you shouldn’t run it.
Think twice before opening an attachment. Look at the sender, the wording of the email, the context of the message as it relates to the attachment and question everything. If you are not comfortable with opening the attachment, don’t.