How is malware spread through email attachments?
Criminals often impersonate reputable businesses, government agencies, and various services to trick people into opening a malicious attachment. Some of those emails may be crafted very professionally and it can be hard to notice any alarming signs.
However, when you click a fake attachment, a chain of unfortunate events unfolds:
- Malware is executed on your device.
- Hackers monitor your online behavior and may steal your personal information, such as passwords and credit card details.
- More malware is downloaded to your computer. Your device can even be added to a botnet to perform malicious activities online.
A successful hacking attack can not only turn your device into a piece of garbage but also leave you penniless. Since data breaches happen every day, wrongdoers can compromise the account of someone you know and imitate that person. If you receive an email from a family member or a friend, you probably won’t think twice before opening it.
General signs that you have received a fake email
- A sense of urgency. Phishing emails often create a sense of urgency so the receiver opens an attachment without thinking too much. Let’s say you get an email from your alleged bank claiming that suspicious withdrawals were noticed on your account. The email urges you to view the attachment and verify if those withdrawals are legitimate.
- Poor grammar. Service providers take their communication seriously and don’t let grammar mistakes slip through the cracks and damage their brand reputation. However, if you feel that an email was written by someone who is not fluent in English, it’s definitely an imposter.
- Primitive design. The same can be said about the email design. If the visual part of the email looks amateurish, it may also be a sign that it was created by threat actors rather than by a professional graphic designer.
- Suspicious requests. If the sender asks you to share your password or credit card information, it’s a scam. Service providers never ask you to send your sensitive details over email.
- Fake email addresses. Amateur scammers often imitate well-known brands like Facebook or LinkedIn but use an email address ending with gmail.com or outlook.com. email@example.com is not a legitimate email address of a Facebook representative. Don’t get tricked!
- Unrealistic promises. Have you ever received an email claiming you’ve won $100 million or a new iPhone? If the information presented is too good to be true, the email could be a fake.
- Malicious links. Always hover over a link to see where it’s going. Hackers can imitate your bank, redirect you to a perfectly polished counterfeit website, and trick you into revealing your personal details.
How to spot malicious attachments
Avoid opening attachments with extensions such as .iso, .exe, .zip, .rar, and .dmg. A lot of malware is also delivered as Microsoft Office files. Since everyone recognizes extensions like .doc, .ppt, or .xls, people are more likely to click on them, so be careful.
Can txt files contain viruses? The plain text file format .txt is considered relatively safe. Even if this type of file contains malicious code, it can’t be executed. However, criminals can use a double extension, such as “attachment.txt.exe”, to trick users into clicking on a file. In this particular example, the attachment is not a .txt file but an .exe file, which can be executed immediately and infect your system.
You are now probably wondering which email attachments are generally safe to open. Video, photo, and audio files are considered the least risky type of attachments. However, while .avi, .mp3, .jpg, and other similar audiovisual file formats will be less likely to get you in trouble, malicious code can still be embedded into them.
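As an added illustration (not part of the original article), the Python sketch below applies the filename checks from this section to the attachments of an email: it flags the extensions the article lists as risky, Office documents, and double extensions such as attachment.txt.exe. The DECOY list, the flag names, and the sample message are assumptions made for the example.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions the article names as risky, and the Office formats it says to treat with care.
RISKY = {".iso", ".exe", ".zip", ".rar", ".dmg"}
OFFICE = {".doc", ".ppt", ".xls"}
# Harmless-looking extensions used as the visible half of a double extension (assumed list).
DECOY = {".txt", ".jpg", ".mp3", ".avi"} | OFFICE


def classify(filename):
    """Return filename red flags; an empty list is not proof the file is safe."""
    # Windows ignores trailing dots and spaces, so "a.exe. " still runs as a.exe.
    name = filename.lower().rstrip(". ")
    exts = ["." + part for part in name.split(".")[1:]]
    flags = []
    if not exts:
        return flags
    if exts[-1] in RISKY:
        flags.append("risky-extension")
    if exts[-1] in OFFICE:
        flags.append("office-document")
    # Only the last extension decides how the file is opened.
    if len(exts) >= 2 and exts[-2] in DECOY and exts[-1] in RISKY:
        flags.append("double-extension")
    return flags


def scan_message(raw_bytes):
    """Map each attachment filename in a raw RFC 5322 message to its flags."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    return {p.get_filename(): classify(p.get_filename() or "")
            for p in msg.iter_attachments()}


def build_sample():
    """Constructed sample message; addresses and file names are made up."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "billing@example.com", "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached file.")
    for fname in ("attachment.txt.exe", "holiday.jpg", "report.doc"):
        msg.add_attachment(b"constructed sample bytes", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()


if __name__ == "__main__":
    for fname, flags in scan_message(build_sample()).items():
        print(f"{fname}: {', '.join(flags) or 'no filename red flags'}")
```

An empty result only means the filename shows no red flag; as noted above, media files can still carry embedded malicious code.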
How can you protect yourself against malicious software in attachments?
If you want to stay safe, never open email attachments unless you’re 100% sure they’re legitimate. Even if you have received an attachment from your co-worker or family member, don’t rush to open it. Inspect the email, and if you have doubts, contact the sender directly.
If you have downloaded an attachment from your email, scan the file for viruses to verify that it’s not malicious.
Is Google safe enough to protect your emails? Email providers have spam-catching filters, but they’re not entirely effective, and some unwanted emails can still end up in your inbox. If you’ve clicked on a malicious attachment, no email provider will be able to help you.
Fighting malicious attachments with Threat Protection
NordVPN is an app designed to improve your cybersecurity by hiding your IP address and encrypting your internet data. It operates more than 5,200 servers in 60 countries, providing users with the best speeds and ultimate privacy.
NordVPN also has the Threat Protection feature, which scans all executable files (.exe, .dmg) of up to 20 MB in size that you download. If the app detects that the file is malicious, it deletes it before it can do any harm.