Warning signs for email attachments that spell danger

These days the phrase ‘avoid the virus’ means more than just taking the necessary steps to secure your personal health. It also means taking the necessary steps to secure the health of your digital work platforms and networks. With office routines turned upside down and likely lapses in regular reminders about online security, it’s important that anyone working remotely keep security front of mind.

One critical thing you can do to avoid introducing viruses on your device or into your organisation’s network is to steer clear of dangerous email attachments.

Why is it dangerous to open suspicious email attachments?

Any email attachment can carry software that cybercriminals have developed specifically to damage or exploit your device or network. Because that software has been designed with malicious intent, we use the term ‘malware’ to describe it.

Cybercriminals may use an attached document, PDF, presentation or image to disguise their malware and it will launch once a user opens the attachment.

Cybercriminals design malware to steal data, sabotage and extort money. They do so using many techniques but there are a couple that are most prevalent.

1. Phishing

Phishing is a human-to-human con job conducted by email. Cybercriminals’ goal is to lure the email recipient into believing that an email attachment contains vital information, either about their health, wealth or career, or about important business procedures.

Opening an infected attachment can have serious consequences. It may launch a keylogger which steals personal information such as usernames and passwords, takes periodic screenshots, grabs sent emails or harvests credit card numbers and bank details.

It can also clog your computer and spread throughout any network you use, not just disrupting your own computer operations but those of people you deal with online.

2. Ransomware

Ransomware, a form of malware, can be delivered by email attachment. It makes a computer or its data unusable or inaccessible. Cybercriminals then demand payment from victims to release the data.

What email attachments are regarded as high risk?

Email attachments will have two or three letters after the file name and the full-stop. Those letters indicate the type of file that is delivering the information in the attachment. If you know more about which file types attackers like to use, you’ll be better prepared to identify suspect files.

Exe files

An executable file (.exe) has encoded instructions that tell a computer system to set a function in motion. That function might be to install or run a new software application. Although exe files are often legitimate Windows applications, attackers can also use them to distribute viruses or other malware.

Compressed files

Compressed files have a lot of valid uses, particularly when co-workers are working remotely and need to send large volumes of information.

Basically, compressed files allow workers to bundle up multiple files or folders into a single container file and shrink it to a size that can be more easily and quickly emailed.

But just because you get a compressed file, doesn’t mean you know what’s in it. That’s why attackers love them. Compressed files can be used to hide or obscure malware.

Although there are compressed file extensions you might be familiar with (such as: .zip; .rar; .sitx; .gz), it’s worthwhile knowing that there are many more.

Microsoft Office documents

No longer the simple static files they once were, Microsoft Office documents now offer new functionality for users in the form of macro and scripting capabilities that work in much the same way as executable programs — telling systems to run processes. And with that added functionality comes the opportunity for attackers to embed their own scripting and malware. So, the next time you’re about to open a Word document, PowerPoint presentation, Excel workbook or template, check to make sure you were expecting the attachment.

ISO files

In mid-2020, Microsoft warned of emails that trick users into downloading ISO file attachments. These files have a remote access trojan that gives attackers control over the infected device or host network.

The warning was timely, as until now, ISO files carrying malware had been relatively rare.

Traditionally, ISO files have been used for archiving purposes. They are often used to create a backup of a physical disc like a CD, DVD or Blu-ray and can be used to save and send large chunks of information in a single file.

Where you once would have needed special software to open an ISO file, it’s now an integral part of today’s Windows operating systems, and that’s what is making it more attractive as a vehicle for attackers.

Is it safe to open email attachments that come from unknown sources?

Although you may have installed security software designed to catch and protect your device from malware, it’s not faultless and you shouldn’t consider it your only line of defence against attackers.

You should be immediately wary of any email attachments from unknown or suspicious sources.

Best practice is to delete such emails immediately without replying, forwarding, or otherwise interacting with them, but check your employer’s protocols first.

Tips to avoid viruses from email attachments

There are five simple steps you can take to avoid unsafe email attachments.

1. Use antivirus software

Although antivirus software is fallible, it is a proven defence against the majority of attacks.

Make sure you install issued patches and update it regularly, and that your system is configured to scan all attachments or images embedded within emails or instant messaging attachments.

2. Back up your system regularly

Having a good and regular back-up regime is essential. Having an offline system backup copy is even more important. Although you might have online back-up protocols, there are still indirect paths through which backups can become infected with a virus. Your best defence is to have your secondary system copy offline.

3. Do not open attachments in emails that have bad grammar

If the phrasing in an email seems ‘off’ as if the sender has put it through a bad online translation server, then chances are that any attachments to the email will be ‘off’ too.

4. Do not open unsolicited attachments

The first and best way to avoid being caught out is to never open an email attachment that you were not expecting, even if it comes from a sender you know.

That’s because there are viruses out there that can ransack your senders’ contact lists and trigger email attachment spam that sends itself to everyone on those lists.

Just because you know the sender doesn’t mean that they actually sent the email you received.

5. Do not open attachments with strange file names

While it may seem obvious not to open files with names like “yourwinnings” or “freemoney”, it can be less obvious when file names suggest they have important information to do with tax or banking, invoices, healthcare, parcel delivery or even administration of your online devices.

The best test is to think about how you would name a file. If a file name is overly long with lots of letters and numbers, has special characters (?, *, %, # etc) or has multiple file extensions (filename.jpg.exe), then it should ring your warning bells.
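For IT teams that want to apply these file-name checks automatically, the following is an added example (not part of the original article) that flags the warning signs described above and the high-risk file types listed earlier for every attachment in a message. The Office extension list, the 40-character length threshold and the sample message are assumptions made for illustration.

```python
import re
from email.message import EmailMessage
from pathlib import PurePosixPath

# File types the article calls high risk. The Office extensions are an
# assumption: the article names Word, PowerPoint and Excel, not extensions.
GROUPS = {
    "executable": ".exe",
    "compressed": ".zip .rar .sitx .gz",
    "Office document": ".doc .docx .docm .xls .xlsx .xlsm .ppt .pptx .pptm",
    "disk image": ".iso",
}
HIGH_RISK = {ext: kind for kind, exts in GROUPS.items() for ext in exts.split()}
EXT_LIKE = re.compile(r"\.[a-z0-9]{2,4}")  # what a real extension looks like
MAX_STEM = 40  # assumed cut-off for an "overly long" name

def filename_warnings(name):
    """Return the article's warning signs that apply to one attachment name."""
    path = PurePosixPath(name.strip().lower())
    suffixes, warnings = path.suffixes, []
    if suffixes and suffixes[-1] in HIGH_RISK:
        warnings.append("high-risk type: " + HIGH_RISK[suffixes[-1]])
    # filename.jpg.exe: an extension-like part sits before the real extension
    if len(suffixes) >= 2 and EXT_LIKE.fullmatch(suffixes[-2]):
        warnings.append("multiple file extensions")
    if set(name) & set("?*%#"):
        warnings.append("special characters")
    stem = path.name.split(".")[0]
    if len(stem) > MAX_STEM and re.search(r"[a-z]", stem) and re.search(r"\d", stem):
        warnings.append("overly long name with letters and numbers")
    return warnings

def scan_message(msg):
    """Map each attachment filename in an EmailMessage to its warnings."""
    return {part.get_filename(): filename_warnings(part.get_filename() or "")
            for part in msg.iter_attachments()}

def sample_message():
    """Constructed sample message; sender and file names are made up."""
    msg = EmailMessage()
    msg["From"], msg["Subject"] = "accounts@example.com", "Overdue invoice"
    msg.set_content("Please see attached.")
    for name in ("invoice.pdf.exe", "minutes.txt", "backup.iso"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg

if __name__ == "__main__":
    for name, warnings in scan_message(sample_message()).items():
        print(f"{name}: {', '.join(warnings) or 'no file-name warning signs'}")
```

An empty result only means the name shows none of these signs; an attachment you were not expecting still deserves the caution described in tip 4.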

What to do with a suspicious email attachment

If you do think you’ve received a suspicious email attachment, don’t panic. Unless you interact with that attachment, it’s unlikely that malware will be activated. The source of the email will determine what other steps you can take to protect your device.

An unexpected email attachment from someone you know

If you have received an unexpected email attachment from someone you know or from a company or institution you work or deal with, do not hit ‘reply’ to the email even if your intentions are to check if it’s legitimate. Such action could put malware in motion. Instead, it’s worth giving the sender a quick phone call to make sure they intended to send you the email.

An unexpected email attachment from someone you don’t know

If you don’t know why you have been sent an email with an attachment from someone you’ve not dealt with previously, then there’s a high chance someone is trying to bait you to open the attachment.

Do not open it, reply to it, or forward it to anyone else. You should report it to your company’s IT team and follow their protocols. Generally, deleting the email and then emptying your ‘trash’ folder will remove the threat.

If you feel you have to view the information it contains, you could save it to your computer and manually scan the file using your anti-virus software. If the file is clean and doesn’t seem suspicious, you can open it.

Conclusion

Malware does not install itself.

Interacting with an unsafe email attachment by opening it, forwarding it or replying to it can set a chain of events in motion that can have serious consequences for you, your device and even your organisation.

However, by being more aware and vigilant, and by taking a few simple steps, it is possible for you to mitigate many of the risks from malware.

These are tips that everyone in your organisation should learn, particularly during this time of operational disruption when cybercriminals are most active.

Take a coordinated approach to cybersecurity and shore up your defences with cyber awareness workforce training from Phriendly Phishing. Book a demonstration with us today.