
How-to: Avoid Dangerous Email Attachments

Email. It can’t really be ‘dangerous’ can it? Short of some bad news giving you a heart attack, no. But email attachments can harbour all kinds of nasties: trojans, worms, rogue executable code and other viruses. How do you know what’s safe to open? Even from people you know?

The trouble is, any type of file can be attached to an email, and whilst most mail servers run some sort of virus scanning and either remove or ‘quarantine’ suspicious emails, anti-virus software isn’t perfect. In this game, the buck stops with you; look after yourself and avoid loss of your data, money, identity and time.

Suspect email attachments are blunt weapons of mass destruction; indiscriminate. It doesn’t matter if you’re a targeted corporation or government department, bank, shop, business, or the retired old lady at the end of your street. So how do you spot the suspect package in your inbox?

Return to Sender
If you’re getting unsolicited mail and it has attachments in it, DON’T open them! Many a phishing and identity theft scam starts this way. Treat this like opening your front door to strangers.

If you do know the sender and the email comes with an attachment, unasked and unannounced, don’t assume they put it there. Don’t open it; reply and ask what it is. If they don’t know, definitely don’t open it! Email addresses can be hijacked and email isn’t immune to man-in-the-middle attacks injecting malware en route. Trust no one.

Legitimate companies like Amazon, the postal service, couriers, your bank, these will never ask you to download an attachment from email. That’s not how trustworthy businesses work. Period. You might be asked to download files by technical support – but only when you yourself asked for it, right?

File Extensions
Start with the file extension. Unless you’re an IT wizard in the systems development business, you’re not going to request, or expect, most of the payloads under this list. Anything ending with .exe is a Windows program that will run if you open it, doing who knows what. Most email services block .exe attachments with good reason.

Other file extensions can run code, hiding it inside various Windows file types: installers, batch files, control panel plug-ins, shortcuts, registry keys, JavaScript, Visual Basic programs and many more. Be suspicious of any of these: .msi, .bat, .com, .cmd, .hta, .scr, .pif, .reg, .js, .vbs, .wsf, .cpl, .jar and as Ronco used to say ‘many, many more.’ If you don’t recognise a file extension, ask the sender.

Risky Business
Microsoft Office files are not immune to malware. The ubiquitous Word, Excel and PowerPoint produce .docx, .xlsx, and .pptx which can contain harmful macros. Any Office document extension ending in ‘m’ is the accepted macro file type. So expect .docm, .xlsm, and .pptm to contain macros. If you didn’t ask for them, don’t run them.

Adobe Acrobat has been hit by some malware attacks too, so while .pdf files are generally safe, make sure you have the latest security patches. The same goes for Microsoft Office, Internet Explorer and whatever version of Windows you’re running: apply the hotfixes and service packs.

Bigger Picture
In general, image files – .jpg, .png, .tif, .gif should be safe. Other macro-enabled files such as Illustrator .ai’s and others may not be.

The other scam with images involves a salacious subject line and an image file you ‘must see.’ Only it turns out the file extension is false and your machine works out what it is from the content (the file header) and helpfully runs it for you. “This looks like JavaScript. Would you like me to run it for you?” Bam!

Whilst you can’t run .zip, .rar, or .7z files directly, most PCs are set up to launch into some kind of archive manager – Winzip, 7zip or Windows file compressor. Before you know it, you’ve extracted the contents and tried to run an executable. Bam! Archives are a favourite means of circumventing security software, particularly encrypted archives which need a password to decrypt. It means the anti-malware programs can’t look inside them.

If you’re sent an encrypted archive and a password you didn’t request, don’t extract it.
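As an added illustration (not part of the original article), the checks from this section and from File Extensions and Risky Business above can be run over a parsed message without opening anything: listed extensions, macro file types, an image whose file header does not match its extension, and archives with password-protected or runnable members. The function names and the sample message are constructed for this example.

```python
import io, os.path, zipfile
from email.message import EmailMessage

# Extensions the article lists as able to run code, and its macro file types.
RUNNABLE = {".exe", ".msi", ".bat", ".com", ".cmd", ".hta", ".scr", ".pif",
            ".reg", ".js", ".vbs", ".wsf", ".cpl", ".jar"}
MACRO = {".docm", ".xlsm", ".pptm"}
# Leading bytes (the "file header") of the image types the article names.
MAGIC = {".jpg": (b"\xff\xd8\xff",), ".png": (b"\x89PNG\r\n\x1a\n",),
         ".gif": (b"GIF87a", b"GIF89a"), ".tif": (b"II*\x00", b"MM\x00*")}

def check_file(name, data):
    """Return reasons to query one attachment with its sender (empty = none)."""
    ext, why = os.path.splitext(name)[1].lower(), []
    if ext in RUNNABLE:
        why.append(f"{name}: runnable type {ext}")
    if ext in MACRO:
        why.append(f"{name}: macro-enabled Office file")
    if ext in MAGIC and not data.startswith(MAGIC[ext]):
        why.append(f"{name}: header does not match {ext}")
    if ext == ".zip" and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            for info in z.infolist():   # reads the listing only, extracts nothing
                if info.flag_bits & 0x1:   # bit 0 set = password-protected member
                    why.append(f"{name}: encrypted member {info.filename}")
                if os.path.splitext(info.filename)[1].lower() in RUNNABLE | MACRO:
                    why.append(f"{name}: contains {info.filename}")
    return why

def triage(msg):
    """Check every attachment of a parsed message; nothing is opened or run."""
    parts = [(p.get_filename() or "", p.get_payload(decode=True) or b"")
             for p in msg.iter_attachments()]
    return [reason for name, data in parts for reason in check_file(name, data)]

def sample_message():
    """Constructed sample: a script posing as a photo, and a zip holding an .scr."""
    buf, msg = io.BytesIO(), EmailMessage()
    msg.set_content("Photos attached.")
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("photos.scr", b"constructed placeholder bytes")
    for name, data in (("beach.jpg", b"var x = 1;"), ("photos.zip", buf.getvalue())):
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg

if __name__ == "__main__":
    print("\n".join(triage(sample_message())))
```

An empty result only means none of these particular checks fired; it does not mean the attachment is safe.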

Company email and webmail services like Gmail, Outlook, or Yahoo! automatically scan incoming attachments for malware and will block or quarantine any suspect packages. Of course, you have the option to pull them out again, but this is your cue to exercise good judgement.

If you do download an email attachment and your desktop anti-virus program lights up in red, stop. There are not so many false-positives that you can afford to ignore it. That’s why you got an anti-virus program in the first place, isn’t it?

So in reality, the biggest danger in email attachments isn’t the attachment – it’s your reaction to it. Most are only harmful if you let them out of the Inbox and into your machine. Be cautious. Be alert. We need more lerts. AJS


Image credit: Quarantine – by unknown, Creative Commons

About Allan J. Smithie

Allan J. Smithie is a journalist and commentator based in Dubai.


