How to recognize whether an email attachment is safe


A huge portion of information security issues start with fraudulent or malicious emails.  The cyber criminals sending these messages hope to trick people into one of the following activities:

  • Opening an attachment that contains malicious software (viruses, worms, trojans, etc.)
  • Clicking on a link that brings you to a malicious website.  Once brought to the malicious website, you may be hit by a drive-by attack (where you can be infected just by visiting a malicious site) or may be tricked into giving out sensitive information (most commonly your username and password).

 

Though there are technological defenses in place (at the computer and network level on-campus), they cannot protect against all attacks.  How can you protect yourself?  This is a short guide to help you recognize these threats and protect not only your data, but also the sensitive data you are entrusted with if you are a faculty or staff member.

 

Before opening an email attachment

EVERY time you are about to open an attachment, you should go through the steps below.  Don't open attachments by rote without thinking about these items:

  1. Ask yourself - do you know the sender?  If not - you should definitely not be opening the attachment.
  2. If you do know the sender - are you expecting something from them?  Even if you recognize the sender, the sender's name and/or address could be spoofed (faked to make it look like someone you know), or the sender's own email account could be compromised by criminals.
  3. When in doubt about the authenticity of the message - contact the Service Desk.

 

After opening an email attachment

So assuming you do open an attachment - even if it is malicious, all is not necessarily lost.

If you open a Microsoft Office attachment - you'll usually be notified that you are viewing the document in PROTECTED VIEW - this is a layer of protection that helps defend against some kinds of malicious attachments.  Don't click the "Enable Editing" button unless you absolutely have to edit the document.

Screenshot of Microsoft Word with the Protected View message

 

Be cautious of instructions to "Enable Editing" mode

Be extra suspicious if the document you open explicitly asks you to click Enable Editing.  This is a common tactic used in malicious attachments to trick people into clicking the Enable Editing button.  An example of this is below:

Example screenshot of a malicious attachment which instructs recipients to "Enable Editing"

  Caption: Image from My Online Security

 

Be suspicious of links within attachments

Often criminals will try to hide links to malicious sites within attachments.  Be just as cautious about clicking links in attachments as you are about links in emails.  A particularly common example is shown in the image below.  You open an attachment and the attachment itself has a link to "View" the file.
Screenshot example of a fraudulent attachment asking users to go to an external link to view the file

Details


Article ID: 44051
Created: Fri 12/8/17 3:22 PM
Modified: Thu 10/6/22 3:22 PM