Email remains one of the most widely used modes of communication for businesses of all sizes. Unfortunately, it's also one of the most preferred entry points of malicious cybercriminals. An email and its attachments can be embedded with malware, and your entire network can get infected once a user clicks on them.
With this in mind, it's important that you and your employees learn how to spot potentially dangerous emails and email attachments. Here are the red flags you should look out for.
#1. Unknown senders
If an email has a weird and nonsensical address such as “firstname.lastname@example.org,” then it’s probably not safe and something you shouldn’t open. These types of emails should immediately be flagged as spam and removed from your inbox.
However, some emails are harder to spot because there are clever hackers who create fake email addresses that look similar to trusted ones. For example, if your bank has an email address of “email@example.com,” a cybercriminal can create a fake email by adding or omitting a single character such as “firstname.lastname@example.org.”
#2. Strange attachments
Be wary of email attachments with random file names such as INOV88849937625536(*&%%. Do not download them, or better yet, delete the email immediately. Other attachments you should stay away from are those that sound like they are offering you a large sum of money such as “amazingopportunity” or “princeofafrica”. These types of attachments likely contain malware that can infect your network once clicked.
#3. File extensions
Hackers are notorious for using several types of file extension to deliver and infect your network with malware. When clicked by unsuspecting users, these file extensions can auto-execute and install all sorts of malware into a computer. Here's a list of file extensions you should be wary of.
- EXE – short for an executable file
- JAR – exploits Java runtime insecurities
- BAT – comes with a list of commands for MS-DOS
- PSC1 – a frequently used PowerShell script
- VB and VBS – Visual Basic scripts
- MSI – a type of Windows installer file
- CMD – file extension similar to a BAT file
- REG – Windows registry files
- WSF – used for mixed scripting languages
- JPG or JPEG – a common image file extension
#4. ZIP files
ZIP files or archived files are a great way to transmit private data; however, they're also tools cybercriminals can use to hide and deliver malware. This is because archived files are encrypted, which makes it difficult for antivirus scanners to check their contents and flag them as spam. For these types of files, you should always double-check the source.
How you can protect yourself
To protect yourself from malicious emails and email attachments, run through this checklist.
- Check the sender – Always double-check where an email is coming from. When in doubt, try to get in touch with the person who supposedly sent the email so you can verify that the email is safe and legit.
- Disable auto-downloads – Some email apps are programmed to auto-download attachments, which can potentially contain malware. You can prevent this by configuring your computer or email to stop downloading attachments automatically.
- Recognize phishing scams – Training sessions should be held on a regular basis to help you and your employees recognize phishing scams and other social engineering schemes that are sent through your email.
- Check file extensions – Treat any and all types of email attachments as a security threat. Hackers can hide malware using various file extensions, so make it a habit to have your antivirus software check all attachments that come with your email.
- Use updated antivirus software – Make sure that your antivirus software is frequently updated to help you identify and catch the latest malware.
- When in doubt, delete the email – If you're having doubts about a particular email it's best to err on the side of caution and delete it.
To keep your company safe from dangerous emails, you need the help of a managed IT service provider (MSP) like Complete Document Solutions. Our cybersecurity solutions will safeguard your network from any malicious emails that can interfere with your daily operations. For a free network and IT assessment, give us a call today.