
Scams and Viruses: Which Email Attachments Are Safe to Open?

August 25, 2022


Email scams and viruses are nothing new—threats like phishing emails and malware have been around since the days when services like AOL still dominated the internet and email landscape. However, while technology has made a firm pivot away from the days of dial-up modems and service-hosted platforms, email remains the method of choice for hackers looking to use ransomware or other malicious software to effectively monetize their exploits or to simply cause harm.


If an attacker manages to get an employee to download and open a malicious file sent as an email attachment, the door will be opened for a variety of incredibly damaging scenarios for your business: data theft, fraudulent wire transfers, and leaking of confidential information are just a few of the possibilities. Given what’s at stake, it’s not an overstatement to say that email security is more important than ever.

Although it may be tempting to simply ask what types of email attachments are generally safe to open, the answer isn’t so straightforward.

Let’s start with some common warning signs of an email that may harbor a malicious threat.

Filenames with Double Extensions

Giving a misleading filename to an email attachment is not a new tactic by any means, but you’d be surprised how often hackers continue to get away with it. This can be as simple as adding what appears to be a harmless file type extension just before the actual extension with hopes of the potential victim overlooking it with a cursory glance.

For example, naming an .exe file something like file.txt.exe to make it appear as a .txt file is a common method. It’s relatively easy for someone to hover over the file, see a .txt in small letters on the screen somewhere in the name, and assume it’s okay to open.

Suspicious Sender Addresses

Another favorite tactic from hackers involves masking their email addresses with fake ones that appear to be official. This can be in the form of a first and last name, or the name of a company, such as Facebook. However, when you click on the sender’s details, you’ll see the sender’s address is something entirely different. Fake sender address emails are notorious for encouraging recipients to click on a link or download a supposedly safe attachment.

Unwanted Offers

Sometimes a fake offer in the form of a deal or giveaway from what appears to be a well-known company can make it past your email host’s spam filters. These emails typically have links that redirect you to a fake website that attempts to lure you into submitting your login credentials. However, some still come with email attachments containing misleading names.

It’s also not uncommon to see these emails under the name of a cyber security company imploring you to download “virus protection software” that is, quite literally, the virus itself.

Steps Your Organization Should Already Be Taking for Email Security

Email Filtering

Your organization should have robust email filtering systems that can scan and categorize inbound and outbound email traffic. The filters should be able to either block or reroute spam emails to a separate inbox and away from the primary inbox.

Outbound filters can ensure employees’ emails adhere to company rules and regulations while catching any emails that may include malicious content from an unknowingly compromised account.

Email Firewalls

Before an email can be filtered, it must first be able to pass through a firewall. Email firewalls can scan emails for viruses and malware and prevent them from reaching an employee’s inbox. They can also scan inbound emails associated with multiple accounts using different domain names and provide customization tools that enable IT teams to block certain domains while allowing others to pass through. Email firewalls are essential for catching and blocking emails containing threats like ransomware before they arrive in an inbox.

Phishing Tests

Not even the best firewalls and filters are guaranteed to block every potential malicious email that may find its way to your organization. Employee education and adherence to best practices are also a significant part of the equation. One highly effective tool you should be leveraging for email security is phish testing.

These programs let IT teams send a realistic (but fake) phishing email to employees to see how they respond to it. IT teams can then use the employee response to gauge the effectiveness of training programs and guidelines intended to help employees identify and respond appropriately to phishing emails.

Are Any Email Attachments Safe?

While it’s always best to scrutinize any attachment—especially if it’s from a sender you aren’t familiar with—there are certain file types that can be considered relatively “safe.” These include media files like .mp3, .m4a, .mpg, .wav, .gif, and .jpeg and simple document files like .txt.

However, as mentioned earlier, it’s always recommended to double-check the filename to ensure there isn’t a misleading extension. When in doubt, run a scan on the attachment before opening it.

Email Attachments You Should Typically Avoid Opening

Unless you are sure of what they are and who they came from, file extension types like .exe, .dmg, .zip, and .rar should be considered dangerous to open. Any of these extensions could contain a program that can infect a computer or network with ransomware or other attacks merely from opening them.

Some of the more surprising file types you should avoid include .pdf files—which can support scripting and remote-loading—and even .wav files, as they can deliver malicious payloads and exploit weaknesses in the audio player(s). Other files to avoid include .html, .msg, and .eml attachments due to their tendency to be used for phishing attempts.

MS Office Documents

Microsoft Office files can function as the perfect delivery vessel for malware. After all, the Microsoft Office Suite is a very popular set of software used by thousands of businesses every minute of every day, so most recipients won’t think twice about downloading a file with an extension like .doc, .xls, or .ppt.

Unfortunately, Office files can contain “macro” viruses, written in the macro language built into programs such as Word and Excel, which are activated when you click the Enable Content button to edit the file.

It’s worth noting that Microsoft recently started blocking web-served Office files with macros by default, which has led to a 66% decrease in Office-related macro phishing attempts. This has, in turn, led to a corresponding increase in .iso, .img, and .msi file-related attempts, so be sure to avoid them as well.
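The warning signs and file-type lists above can be turned into an automated triage check. The Python sketch below is an added example, not code from the original article: it parses a message with the standard library, flags double extensions, the attachment types the article says to avoid, and a display name that claims a brand the sender's domain does not match. The BRAND_DOMAINS mapping, the finding labels, and the sample message are assumptions constructed for the demonstration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extension lists from the article; .wav is in both, so it counts as risky.
RISKY = {".exe", ".dmg", ".zip", ".rar", ".pdf", ".wav", ".html", ".msg",
         ".eml", ".doc", ".xls", ".ppt", ".iso", ".img", ".msi"}
LOW_RISK = {".mp3", ".m4a", ".mpg", ".gif", ".jpeg", ".txt"}
BRAND_DOMAINS = {"facebook": {"facebook.com"}}  # assumption: accepted domains

def triage_attachment(filename):
    """Findings for one attachment name; an empty list means low risk.
    A double extension (file.txt.exe) has a familiar type before the real one."""
    suffixes = [s.lower() for s in PurePosixPath(filename.strip()).suffixes]
    ext = suffixes[-1] if suffixes else ""
    findings = []
    if len(suffixes) >= 2 and suffixes[-2] in RISKY | LOW_RISK:
        findings.append("double-extension")
    if ext in RISKY:
        findings.append("risky-type")
    elif ext not in LOW_RISK:
        findings.append("unlisted-type")
    return findings

def sender_mismatch(msg):
    """True if the display name claims a brand but the address domain differs."""
    sender = msg["From"]
    if sender is None or not sender.addresses:
        return True  # no usable From header: treat as suspicious
    addr = sender.addresses[0]
    name, domain = addr.display_name.lower(), addr.domain.lower()
    return any(b in name and domain not in d for b, d in BRAND_DOMAINS.items())

def triage_message(raw):
    """Parse raw message bytes; report on the sender and each attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    names = [part.get_filename() or "" for part in msg.iter_attachments()]
    return {"sender_mismatch": sender_mismatch(msg),
            "attachments": {n: triage_attachment(n) for n in names}}

def build_sample():
    """Constructed message for the demo, not a real email."""
    msg = EmailMessage()
    msg["From"] = "Facebook Security <alerts@mail.example>"
    msg.set_content("Please review the attached file.")
    for name in ("file.txt.exe", "photo.jpeg", "statement.xls", "setup.iso"):
        msg.add_attachment(b"constructed", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Calling triage_message(build_sample()) returns a report keyed by attachment name. A filename check like this only narrows what needs scanning; it does not inspect file contents.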

When in Doubt, Always Play it Safe

In the event a potentially malicious or suspicious email does reach a primary inbox, it’s always best to double-check with the person who sent it, especially if they are within the organization or have a working relationship with it. Employees should feel encouraged to exercise caution with all attachments and remain vigilant about examining sender addresses and scanning attachments.

The cyber insurance market has responded to the security threat of employee error in multiple ways, including both true risk transfer and value-added services that can aid in mitigation and incident response.


All views expressed in this article are the author’s own and do not necessarily represent the position of Woodruff-Sawyer & Co.

Dan Burke

Senior Vice President, National Cyber Practice Leader

Editor, Cyber Liability

As National Cyber Practice Leader, Dan drives the strategy to grow our cyber business, such as developing tools to help clients and prospects understand and quantify their cyber exposures, as well as thought leadership. He frequently speaks at industry conferences and has been quoted in various trade magazines and newsletters, including The Wall Street Journal.

415.402.6514

LinkedIn
