If You Open A Suspicious Email Attachment, Ask These 3 Questions

April 20th, 2020

Email scammers use every weapon available in their arsenal for monetary gain or for plain mischief. Even those who are working from home should not let their guard down. Given the current crisis, scams could come in the form of cancellations and refunds purporting to be from legitimate entities as well as other opportunistic cons.

Before you take any action with that suspicious email attachment, ask yourself these questions.

Questions to ask yourself before opening suspicious emails

Do I know the sender?

There are emails that you receive fairly regularly and can easily tell aren’t malicious. These are emails from colleagues that you closely work with, your direct manager, or a newsletter you’re subscribed to. If you receive an email from an address you don’t easily recognize, proceed with caution. It may be harmless but it may also be carrying malware.

But even if you can easily spot malicious emails from unfamiliar senders, it’s not as easy to spot one from a spoofed address. A spoofed email will look like it came from a legitimate sender, like a bank, government agency, business supplier, or friend or family member.

If you receive an email purporting to be from your bank asking you to click on a link, check the address. It’s quite easy for scammers to forge emails, so if your company’s CEO’s email address is johndoe@hotmail.com, scrutinize an email you receive from john.doe@hotmail.com, especially if the message is unusual or claims to be urgent.

Does the message make sense?

Speaking of unusual messages, there are obvious signs that an email is fraudulent. Such emails are poorly written, have glaring grammatical and typographical errors, and contain urgent requests to click on a link or download a file.

Be wary if you receive emails from recognized entities such as PayPal, Google, or FedEx, specifically asking you to click on a link or download a file. If you’re not expecting payment from anyone, don’t open a link in an email pretending to be from PayPal. If you’re not expecting a delivery, junk that suspicious FedEx email supposedly containing a delivery tracking number.

Do I know what’s in the file with an unfamiliar file extension?

If, upon receiving emails with attachments that have unfamiliar extensions such as .exe, your first instinct is to alert your IT department or flag such mail as junk, you’re doing the right thing.

These .exe files are essential for Windows to run programs, but they’re also widely known to be dangerous on Windows systems as they can contain code that could disable antivirus programs or perform other harmful actions. Note that there are other malicious file extensions that can infect Windows computers and they may be concealed in a ZIP file.

You also need to be vigilant, even when receiving Microsoft Office file attachments such as Word, Excel, and PowerPoint. Attachments with .doc, .xls, and .ppt file extensions may contain malicious macro code that could run arbitrary commands on your PC.
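
The extension checks described above can be run automatically on a message before anyone opens its attachments. The following Python is an added example, not part of the original article: it flags the extensions the article names and also lists the names inside ZIP attachments without extracting them. The function names, the example.test addresses, and the sample message are constructed for illustration.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Only the extensions the article names; a real filter would use a longer list.
RISKY = {".exe": "executable",
         ".doc": "macro-capable Office format",
         ".xls": "macro-capable Office format",
         ".ppt": "macro-capable Office format"}

def classify(filename):
    """Map a file name to a risk label by its final extension, or None."""
    ext = os.path.splitext(filename.strip().lower())[1]
    return RISKY.get(ext)

def triage(raw_message):
    """Return (name, reason) pairs for risky attachments in a raw message.
    ZIP attachments are listed, never extracted, so nothing is executed."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        if classify(name):
            findings.append((name, classify(name)))
        data = part.get_payload(decode=True) or b""
        if zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                for inner in archive.namelist():
                    if classify(inner):
                        findings.append((f"{name}/{inner}", classify(inner) + " (inside ZIP)"))
    return findings

def build_sample():
    """Constructed test message: placeholder bytes only, no real programs."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "billing@example.test", "user@example.test"
    msg["Subject"] = "Refund notice"
    msg.set_content("Please see the attached refund form.")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("refund_form.exe", b"placeholder")
        archive.writestr("readme.txt", b"placeholder")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="refund.zip")
    msg.add_attachment(b"placeholder", maintype="application", subtype="msword", filename="invoice.doc")
    msg.add_attachment(b"placeholder", maintype="application", subtype="pdf", filename="report.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in triage(build_sample()):
        print(f"FLAG {name}: {reason}")
```

A flag from this check is a reason to hand the message to IT or run an antivirus scan, not proof that the file is malicious.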

Is the attached file properly named?

If you receive an email with attachments labeled “xtin@3bio”, “WinOneMillionDollars”, or anything unintelligible, bizarre, or plain suspicious, err on the side of caution and regard it as dangerous. If the attachment was sent by an unknown sender and accompanied by a poorly worded missive, all the more reason to junk it.

If you answered “No” to any of the above questions, you likely have a fraudulent email on your hands.

How to protect yourself from dangerous email attachments

  • Use antivirus programs – No computer in your organization should be without an antivirus program installed. If you must open an attachment, run it through an antivirus scan. This extra step may seem tedious but it’s worth doing, particularly if you receive a lot of files daily.
  • Train staff to be more vigilant – Cybersecurity practices must be tightened as more staff work from home and telecommuting policies are being put in place across organizations. Ensure employees remain well-trained in spotting suspicious emails and, more importantly, not downloading email attachments. If an email attachment looks suspicious, it probably is.

For as long as you use emails, you will have to fend off email scams. Summit Advisors’ IT consultants can help secure your computers with email filtering, secure encryption, and other protections. Give us a call to get a FREE assessment.
