It’s always fun to start off with a good trivia question: according to a 2017 Verizon report, what percentage of malware was installed via a Malicious Email Attachment?
66% or a full ⅔ of malware. That includes backdoors, keyloggers, spyware, ransomware, exploits, downloaders and plenty of other really bad stuff. The consequences of falling victim of a malicious email attachment attack can be pretty brutal. According to a Proofpoint study, attacks based on malicious email attachments are inexpensive compared to other vectors. This all adds up to the makings of a vector that is likely to see significant attention from cyber criminals.
How do Malicious Email Attachments Work?
To give the short intro how malicious email attachments work, an attacker will use them to fool the user to downloading malware or to other ends, which can often include invoice fraud. While the email itself might seem to be harmless, often downloading the attachment alone can be enough to unleash the malware and do extensive damage.
How to Know If An Email Attachment is Malicious
There is no surefire way to know if a file will be malicious. The most reliable way to make sure you are safe is to have a leading email attachment scanner with anti-malware and virus protection to ensure that the malicious emails don’t even get through to your inbox. Other elements that your email scanner should have would include sandboxing, phishing protection and URL defense. You also need to make sure your endpoints (such as your computer, mobile, and server) have malware and virus protection. Otherwise, there are other rules to follow that will be especially relevant to malicious email attachment defense.
As a general rule, an email from an unknown sender should always be processed with extreme caution. Even then, a sender can be impersonated or spoofed, or even a contact of yours that was hacked. It is not enough to rely simply on this rule – what you perceive as a known sender can come back to haunt you.
Along with unknown senders, unexpected requests make up the 2 biggest giveaways. This applies to all spam really. When in doubt, risk looking overly cautious to ensure your company doesn’t turn into a cybersecurity case study. Even if it is an expected request, from an expected sender, there’s still a chance the attachment could be malicious, rare as that may be. If a known sender is sending a malicious email attachment, most email security (without sandboxing) can still miss it.
Bizarre filenames, or ones that are not within the norm of what you’d expect, such as files with spelling errors or strange strings of characters or others, should be handled with extreme care. Most people do not save and share spreadsheets named “random string of alpha-numeric symbols”.
Never open EXEs
Executable files are notorious for being able to install malicious code on your device. IT departments should straight out block the sending or receiving of any executable files over email. Never open an EXE in an email attachment.
ZIPs and RARs
Any files that are zipped cannot be scanned until they’ve been downloaded (that is without attachment scanners). You incur a serious risk when you download unknown files. Besides the possibility of containing executables or macro containing office documents, hidden files can contain all kinds of extensions and viruses. If you receive a zipped file from an unfamiliar source, confirm by phone or another method (not the sender’s email address) that the sender is trustworthy and that the files will contain no surprises.
These can often contain hidden macros or scripts, that can run after you “allow macros” on the document not knowing what you are allowing to run. The files can contain macros, which when enabled installed malware. It’s very hard to spot this kind of attack, which is where tech solutions are needed.
Better safe…than the victim of a malicious email attachment
When in doubt forward the message to IT, authenticate the email by calling your colleague, and obey the general rules for spotting fraudulent emails. This includes, poor formatting, spelling errors, over the top urgency, and anything that’s too good to be true.
There are a multitude of threats lurking in your inbox, and a spam email with a malicious attachment should be especially frightening. If you follow generally accepted email security practices you should preserve some peace of mind.
Have a look at Vircom’s Malicious Email Attachment Defense.