The danger is everywhere, especially in the attachment files that arrive via email. This is what we know as a malicious attachment. These malicious attachments are one of the main tools used by cybercriminals to infect devices with malware, such as trojan, spyware and ransomware.
Just to give you an idea about what a malware could do, trojan infections can turn your machine into a zombie that will be part of a network of zombie machines, called botnets, which are used for various purposes, including denial of service attacks (DDoS).
Spyware infections will allow the attacker to access your entire machine. Spyware is a type of malware widely used by criminals who are interested in sensitive data, such as passwords and credit card information.
Ransomware is a data hijacker. It’s a type of malware that hijacks computers, blocks files, and then requests ransoms to release them. At least, this is what the hackers say: send me money and I'll release your devices. But we know it doesn't always work like that, and there's no guarantee that you'll get your files back after paying the ransom.
4 ways to identify a malicious attachment
As you can see, malware is pretty dangerous. To prevent you from having problems, we've made a list of 4 ways to recognize a malicious attachment in emails.
1. File types. That´s the tip number one. There is an extensive list of dangerous files, such as .exe, .vbs, .wsf, .cpl, .cmd, .scr and .js. What many people don’t know is that the vast majority of emails with weaponized attachments have .pdf, .doc, .xls and .zip files. So, from now on, be aware of Word, Excel and Adobe files. Besides that, pay attention to file names. A file named “example.exe.jpg” isn’t an image. This is a simple trick that works with lots of people.
2. Urgent subject. Be wary of emails and attachments that address the subject urgently. For example, you received a message from your bank with an attachment to review your credit card's invoice. The detail is that the message asks you to visualize the file and contact them as soon as possible or you'll have to pay exorbitant fees. Combining an attachment with a message that has a sense of urgency can be devastating for the recipient. Indeed, it is.
3. Decontextualized message. If you were not expecting that attachment, be wary of the email. You may receive a malicious attachment from a co-worker or friend. If his account has been compromised, you may receive a malicious email, such as "photos from our last meeting." In this case, evaluate the context of the email and, before clicking on the attachment, check the message legitimacy in another way, such as via phone.
4. Unknown sender. We receive emails all the time. Therefore, it's common to receive unexpected (and even unwanted) messages that supposedly bring interesting proposals. Under no circumstances click on attachments contained in emails from people you don't know. If you are unaware of the email sender, ignore the message and delete it.
How to protect against malicious attachment in emails
Look for an anti-spam and anti-virus tool. If you are looking for something for your company, a Secure Email Gateway might be an option, especially if it has sandbox for attachments. The sandbox will test the attachments in a virtual environment before delivering them to your company's employees. That's what you need to be protected from malicious files.