Gmail header on computer

With more departments working remotely, an email from the IT department asking for remote access to your computer isn’t an unreasonable find in your inbox. Cybercriminals know this.

Malware in the form of an email attachment is the easiest way a cybercriminal can attack an organization. Using Social Engineering, cybercriminals can pose as job candidates easily convincing HR departments to open files like “resumes.docx” without considering that a link or file may actually be Ransomware or Keylogging software.

With more organizations operating remotely, an email from the “IT Department” asking employees to update an organization’s software through an email attachment isn’t a far reach, especially in a time where fewer employees are commuting to the office and digital communications are at an all-time high.

Emails from cybercriminals posing as trusted sources are a common phishing scheme that can cost organizations. Some schemes are socially engineered to pose as a coworker asking to send gift cards, others are hackers sending malware via attachment.

What is Malware?

Malware is any software designed to disrupt, damage, or gain unauthorized access to a computer system. Malware can lay dormant on an organization’s systems for months before activating. In some cases, this malware can be linked to software that isn’t hurting anything on the network but is just gathering information for cybercriminals.

Files That Are Commonly Attached To Email 

These are the most common types of files attached to an email.  If you receive an email from an unknown sender, email the sender back before opening any attachments.

  • .Txt Files that end in .Txt are typically safe to open. There have been instances in the past where cybercriminals have sent out mass emails that appear to be .txt files, but really have an additional extension that was no displayed by most email programs. As soon as users opened what they thought was a .txt file, the other extension ran instead.
  • .PDF PDFs are also considered safe to open. However, there have been known cases of security gaps in programs that open.PDF files. Even though these files are typically safe top open. Verify that the sender is someone trustworthy before you open the attachment.
  • .doc/.docx/.xls/xlsx/.ppt/.pptx Microsoft Office Documents of all types are very commonly manipulated to contain malware. Microsoft Office created .docx to help mitigate the number of macro viruses that could be attached to files that ended in .doc. If you receive a file that ends in .doc ask the sender to resend the file as a .pdf
  • .jpg this extension is often used to camouflage executable programs. If the full file extension does not show on your email program you could face challenges or malware.
  • Compressed Files .zip/.rar can have malware embedded in them that is released as soon as the file is opened. These files should not be opened from any unknown senders.
  • Executable Files- Most email providers now filter for this file type and block emails with these files attached to them. Executable files can contain anything from legitimate software updates to actual malware.
At Metropolitan Risk, we offer a full cyber evaluation to help your organization recognize its digital strengths and weaknesses. Click here to request a Cyber Evaluation or call 914-357-8444 to speak with a Risk Advisor.