Categorized | News, Technology

Email Attachments: To Open, or Not to Open?

email attachments tips

Some of the most malicious worms, viruses and Trojans are being distributed through email attachments today. Many computers today become infected by malware at some point in time from downloading email attachments. The email is delivered with the attached PDF file to your address with instructions for you to download the file.

The attachment may appear to be harmless at first glance but once opened it will infect your computer. After your PC is infected, the worm will begin search the system and the email will be forwarded to all your contacts. If you have an updated security patch, reading the content in the message will not harm your system but the attachment will.

Most email service providers will filter out malicious emails from your inbox but you cannot always depend on this. Criminals that target high-value organizations will grab hold of any vulnerabilities in your email attachments tips

Malicious File Extensions

If you can tell what type of file is attached to the email then it will be easier for you to determine if the file is harmful. For instance, files with .exe are Windows programs and should not be downloaded to your PC. Email services like Gmail and Hotmail will block .exe file extensions. The problem is that there are many other dangerous file extension that your email service will not filter out. These include .cmd, .cpl, .msi, .com, .hta, .reg, .jar, and .vbs. This may seem like a lot but there are many other file extensions that can infect your PC.

Even office files that contain macros can be harmful. Macros are a set of instructions that are used to automate a task. Macros can be useful, they are used by many businesses today. However, they are also a great place for cyber criminals to store harmful codes. All they need to do is send you a file with macros and once you open it your computer will be infected. PCs with office 2007 or 2010 are less vulnerable to malicious macros. Once you try to open the file a warning will pop up allowing you to disable the macros. File extensions that ends with an ‘m’ like .pptm and .docm come with macros while those ending in ‘x’ like .pptx and .docx are usually free from macros.

It’s always best to avoid downloading files that you think may be harmful. Images files like .jpg and .png are usually safe but you can never be too careful with other files. Ensure that your security patches are updated to prevent files from infecting your system due to vulnerabilities in your Microsoft Office or Adobe Reader.

Archive Files

Some criminals will go a bit further to make it harder for email filters to identify malicious files by using an archive. Archives are a set of computer files grouped together to be transported to another location and to save space on the hard drive. They can come in a number of different formats like .rar, .zip, .ace, .7z, .s7z and others. When you receive an archive file you will need to download it and extract the content.

In some cases the files may be encrypted and may need a password to access the files. Encrypted archives can be more harmful than those without encryption. That is because it is not affected by antivirus programs and email filters and thus makes it easier for malware to make its way onto your computer. Although archive are the best option for sending sensitive files, you should be sceptical about downloading files from strange emails.

Who Is The Sender

The sender of the email is also another clue to help you determine if the attached file is harmful. Keep in mind that the sender may also be someone that you are familiar with. As mentioned before, once a person’s PC is infected the malware can be easily distributed to people that they contact. If you receive a file from a strange address or a contact that you were not expecting you should avoid opening it – it could be malware.

If your boss or lecturer plans to send files to your email they are likely to tell you beforehand. Remember: if the file contains macros you can’t be too careful.  Making a quick phone call to find out if the email is real will not hurt – it’s always better to ask them directly.  In doing so you will also be informing them of the malware on their PC so that they can remove it.

The Content In The Email

The way the email is written may also be an indicator that it contains malware. For instance the email might be coming from your friends address but the content may seem strange, it may be written by a scammer or malware on the senders PC. These can also be phishing emails that do not come with an attached file. Instead it may be from someone claiming to have a terminal illness and in need of urgent help asking you to send money via Western Union.

Also, be on the lookout for emails from prominent businesses, like UPS and FedEx, which instruct you to download files. Most of these companies will never ask you to download files to your computer but will instead ask you to do all paperwork in person.

Pay Attention To Antivirus Alerts

Yahoo!, Gmail and, among other email services, will notify you if an attachment contains malware. You should always pay attention to these warnings. Refrain from opening files if you receive a warming, as the phrase goes – “it’s better to be safe than sorry.” The content in the email may reassure you that there is no harm in downloading the files but in most cases it is a trick.

If your PC has an antivirus it will alert you if files that have already been downloaded pose a threat. It’s always best to put your trust in your antivirus and scan and remove the file if this happen. Of course antivirus programs are far from perfect so it may not always warm you about malicious files.

Better Safe Than Sorry

You can never be too careful when it comes to emails with attachments – always expect the worst and you’re likely to save yourself a lot of trouble. Avoiding downloading and opening attachments if you can. If the email is irrelevant to you there is no need for you to over think it – hit the delete button. Images and PDF files are safe for download as long as you update your security patches. Other files should always raise suspicion.

Leave a Reply