How To Spot A Dangerous Email Attachment


Emails can be dangerous. Reading the contents of an email should be safe if you have the latest security patches, but email attachments can be harmful. Any type of file can be attached to an email, including .exe program files. Many email servers will perform virus scanning and remove potentially dangerous attachments, but you can’t rely on this. Look for the common warning signs so you can avoid viruses, worms, and Trojans.

So-called “spear-phishing campaigns” that go after high-value corporate and government targets have used email attachments to take advantage of previously unknown security vulnerabilities. Email attachments can be dangerous to anyone.

Dangerous File Extensions

The easiest way to identify whether a file is dangerous is by its file extension, which tells you the type of file it is. For example, a file with the .exe file extension is a Windows program and should not be opened. Many email services will block such attachments.

However, .exe isn’t the only type of dangerous file extension. Other potentially dangerous file extensions that can run code include: .msi, .bat, .com, .cmd, .hta, .scr, .pif, .reg, .js, .vbs, .wsf, .cpl, .jar and more. This is not an exhaustive list — there are many different file extensions in Windows that will run code on your computer when executed.

Office files with macros are also potentially dangerous. If an Office document extension ends with an m, it can — and probably does — contain macros. For example, .docx, .xlsx, and .pptx should be safe, while .docm, .xlsm, and .pptm can contain macros and can be harmful. Of course, some businesses use macro-enabled documents. You’ll have to exercise your own judgment.

In general, you should only open attachments with file extensions that you know are safe. For example, .jpg and .png are image files and should be safe. .pdf, .docx, .xlsx, and .pptx are document files and should also be safe — although it’s important to have the latest security patches so malicious types of these files can’t infect you via security holes in Adobe Reader or Microsoft Office.

Archives, Especially Encrypted Ones

In an attempt to make it around email filters, someone may email you malicious file attachments in an archive — especially an encrypted one. For example, you may receive an email with a .zip, .rar, or .7z file and its password. You’d need to download the archive file and extract its contents with the password to access them.


The password-protection — or encryption — on the archive prevents email scanners and antivirus programs from examining it, so it’s very possible that the archive could contain malware. Of course, password-protected archives are also an effective way to email sensitive files. You’ll have to use your judgment once again.
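
The checks from the two sections above, as an added example that is not part of the original article: a mail-triage helper that flags attachments by the extension lists given here and detects password-protected .zip files from the encryption bit in the archive's metadata. The function names, verdict labels and sample message are constructed for illustration; .rar and .7z are flagged as archives only, since the Python standard library cannot read them.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the article lists as able to run code (the article notes the list is not exhaustive).
RUNS_CODE = {".exe", ".msi", ".bat", ".com", ".cmd", ".hta", ".scr", ".pif",
             ".reg", ".js", ".vbs", ".wsf", ".cpl", ".jar"}
MACRO_OFFICE = {".docm", ".xlsm", ".pptm"}   # Office formats that can carry macros
ARCHIVES = {".zip", ".rar", ".7z"}

def zip_is_encrypted(data: bytes) -> bool:
    """True if any member has bit 0 (encryption) set in its general-purpose flags."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(info.flag_bits & 0x1 for info in zf.infolist())

def triage(raw: bytes) -> list[tuple[str, str]]:
    """Return (filename, verdict) for every attachment in a raw email message."""
    msg = message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        ext = os.path.splitext(name.lower())[1]
        if ext in RUNS_CODE:
            verdict = "runs-code"
        elif ext in MACRO_OFFICE:
            verdict = "macro-enabled-office"
        elif ext in ARCHIVES:
            payload = part.get_payload(decode=True) or b""
            is_zip = ext == ".zip" and zipfile.is_zipfile(io.BytesIO(payload))
            verdict = "encrypted-archive" if is_zip and zip_is_encrypted(payload) else "archive"
        else:
            verdict = "no-flag"   # not matched by these lists; not proof of safety
        results.append((name, verdict))
    return results

def build_sample() -> bytes:
    """Constructed sample message (not real mail) with three attachments."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.txt", "constructed")
    z = bytearray(buf.getvalue())
    z[z.find(b"PK\x01\x02") + 8] |= 0x01   # mark the central-directory entry as encrypted
    msg = EmailMessage()
    msg.set_content("see attached")
    for name, data in (("invoice.scr", b"MZ"), ("budget.xlsm", b"PK"), ("files.zip", bytes(z))):
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Calling `triage(build_sample())` returns one verdict per attachment. A `no-flag` verdict only means the name matched none of these lists, so the sender and content checks below still apply.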


The Sender

Looking at who an email was sent by can help you identify whether an email attachment is malicious or not. Beware: an attachment can be malicious even if you know the sender! If they’ve become infected, a malware program may send you emails from their email address, disguised as emails they’d send.

If you get an email from someone you don’t know with a questionable-looking attachment, it’s probably malware. If you receive a macro-enabled Office document from someone you’re not expecting one from, exercise extreme caution.

On the other hand, if your boss tells you in person that she’ll email you a macro-enabled Excel spreadsheet and you get an email from her with an .xlsm file later that day, the attachment is probably safe.

If you’re not sure whether someone sent you a suspicious-looking email attachment, you may want to give them a phone call or ask them in person. If they didn’t send the attachment, they’ll appreciate the warning that their computer is infected or their email address has been hijacked.

The Email Itself

The email’s contents can also offer clues. If you get an email from someone you know and something seems a bit off, it may be written by malware or a hijacker. Such emails could also be phishing emails without any dangerous attachments — for example, if you get an email from someone you know saying they’re trapped and need you to wire some money with Western Union, this could easily be a phishing scam.

If you get an email from FedEx or UPS and it asks you to download an email attachment and run it, that’s another red flag. Legitimate businesses will never ask you to download and run programs attached to an email.


Antivirus Alerts

If you’re using a webmail service like Gmail, Outlook.com, or Yahoo! Mail, your webmail service will automatically scan incoming attachments for malware and inform you if the attachments are dangerous. Of course, if you see a warning that an attachment is malicious, you should not download it! The text of the email may ask you to ignore any problems and assure you that the attachment is actually fine, but this would likely be a trick.

If you download an email attachment and your desktop antivirus program flags it, stop right there. Don’t click through the warning and run it anyway — trust your antivirus program more than the email attachment.

Bear in mind that antivirus programs aren’t perfect. They’ll miss things occasionally, so you can’t only rely on your antivirus. An attachment could be dangerous even if no antivirus flags it.

Have a Healthy Suspicion

When it comes to email attachments, you should exercise extreme caution and assume the worst. Don’t actually download or run an attachment unless you have a good reason to do so. If you’re not expecting an attachment, treat it with healthy suspicion. If it’s an image attachment, that’s probably okay. PDFs should be okay if you have the latest security patches, too. But if you’re not sure what something is, you shouldn’t run it.

Your webmail client’s preview features can also help. You can preview PDF files, documents, images, and other types of files in your browser without actually downloading them to your computer.


Do you have any other tips for dodging dangerous email attachments? Leave a comment below!

Image Credit: Mark on Flickr

Comments (27)
  • Queazy Soporiphic

    I just tried to download malware from a link on this page. Then I opened a new page and googled the malware removal tool to download from there. In both cases the download file is an .exe which we are told not to trust.

    Am I right in not downloading because it is an .exe?
    I am not well informed on these things but am trying to remedy that and I have spotted scams etc before and acted defensively or reported them to appropriate bodies.

  • Alisha

    Good Information. Thanks for sharing.

  • Steph

    Rules I live by:

    If I don’t know the sender – bin it.
    If I get an email from a sender that I am not expecting – e.g. flight confirmations when you haven’t booked a flight recently – bin it.
    Always check the sender’s address in the header – emails purporting to be from ‘QANTAS’ but with a return address of @bigpond or an equally vague address get binned.
    Never ever ever ever open .zip type attachments without checking one way or the other. i.e. if you know the sender ring them, if you don’t know the sender bin it.
    If there is poor spelling & or grammar in the subject, sender fields or body of the email (that can’t be explained by simple typos) bin it.
    Habitually block senders that send malicious emails. I have found that with some virus & email programs they learn as you go so if you block all those ‘Hi. I’m in town would you like to meet for a coffee’ emails they all eventually get rejected from your server.
    Just deleting an email doesn’t make it go away. It will sit in your Deleted items folder, junk mail folder or similar. Empty these folders frequently to permanently delete items.

    I know there have been a few times where I have binned stuff that I shouldn’t have but people have now learnt that if they are going to send me a file they need to let me know first. As much as a pain this has been I have also only had about 2 virus or malware infections in the last 10 years.

  • Carolyn B

    I GET THESE CRAZY EMAILS ALL THE TIME!

  • Tatyana Istomina 0099 T,Th

    I am glad I read this article, I will be more careful when downloading files that somebody sent me and will make sure the name extension does not contain anything suspicious. Also I will look at the sender’s name.

Affiliate Disclaimer

This review may contain affiliate links, which pays us a small compensation if you do decide to make a purchase based on our recommendation. Our judgement is in no way biased, and our recommendations are always based on the merits of the items.

For more details, please read our disclosure.