To Open or Not to Open: Common File Types That Could Contain Malware

It’s Monday morning and you’re opening and responding to a slew of emails. Suddenly one seems a bit out of the ordinary. It’s from someone you’ve corresponded with before but perhaps not recently. There’s no text in the body of the email and there’s an attachment. You weren’t expecting an email or an attachment from them.

Do you open it?

Or here’s another scenario. You get an email with the Subject Line: Notice of appearance in Court #42674. The body of the email informs you that you have a court appearance scheduled for next month. A copy of the “Court Notice” is included in a zip file attachment.

Do you open it?

Security experts would caution you against doing so.

Email file attachments are common vectors for malware, including the dreaded ransomware you’ve likely been hearing a lot about. Attacks have risen by 250 percent in 2017 alone, hitting the U.S. the hardest, according to security firm Kaspersky and detailed in this Newsweek story. Malware includes viruses and spyware that can steal personal information. According to this Federal Trade Commission post, spyware can be used to record a person’s “keystrokes, which, in turn, could lead to identity theft.”

You should always use caution when opening files that come from someone you don’t know, or something that you weren’t expecting. Here are a few file types you should be extra careful about:

  • .EXE: You might have heard that executable files (.EXE) can commonly include threats. This is true, but they’re by no means the only ones. This information from Symantec provides a list of file types that can include threats. As you can see, it’s a long list. So aside from that Symantec list, what are some other common file types you should watch out for?
  • .JS (but beware, it might not appear to be a JavaScript file): According to this Sophos story, up until the end of 2015, many ransomware inquiries involved emails with Word docs attached. The unsolicited attachments would ask you to enable a Microsoft Office feature called macros. Now, crooks are turning to JavaScript attachments instead, which have the extension .JS rather than .DOC or .RTF. “The crooks often add a double extension to malware filenames, such as receipt.PDF.js. When Windows suppresses the final extension, the second-last extension gives the impression that the file is not what it seems, showing up simply as receipt.PDF,” according to the Sophos blog post. To protect yourself, Sophos recommends that you tell Explorer to open .JS files with Notepad by default and to show files with their extensions, which many folks argue should be the default, though Microsoft has yet to make it so. Step-by-step directions for each can be found in the Sophos post linked above.
  • .LNK and .SVG: According to this story from PCWorld.com, malware distributors are switching to less suspicious file types, like LNK and SVG attachments rather than JavaScript, in order to trick users. Beware of these types of files.
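The checks in the list above can be automated when triaging attachments. The following Python sketch is an added example, not code from this article or from Sophos: it flags the file types named above, detects the double-extension disguise (receipt.PDF.js showing up as receipt.PDF), and reads the file names inside a zip attachment without extracting anything. The `DOCUMENT_LIKE` list, the function names and the sample files are assumptions made for the example.

```python
import io
import ntpath
import zipfile

# File types this article singles out; a short list, not Symantec's full one.
RISKY = {".exe", ".js", ".lnk", ".svg"}
# Extensions a reader would take for a harmless document (assumed list).
DOCUMENT_LIKE = {".pdf", ".doc", ".docx", ".rtf", ".txt", ".jpg", ".png"}


def split_ext(name):
    """Return (stem, ext); ext is lower-cased, trailing dots/spaces dropped."""
    cleaned = ntpath.basename(name).rstrip(". ")
    stem, ext = ntpath.splitext(cleaned)
    return stem, ext.lower()


def triage(name):
    """'disguised', 'risky' or 'unlisted' (unlisted does not mean safe)."""
    stem, real_ext = split_ext(name)
    # With the final extension hidden, Explorer shows only the stem.
    _, shown_ext = split_ext(stem)
    if real_ext not in RISKY:
        return "unlisted"
    return "disguised" if shown_ext in DOCUMENT_LIKE else "risky"


def triage_attachment(name, data=b""):
    """Triage the attachment name and, for a zip, every file name inside it."""
    findings = {name: triage(name)}
    if split_ext(name)[1] == ".zip" and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for member in archive.namelist():  # names only, nothing extracted
                findings[f"{name}!{member}"] = triage(member)
    return findings


def build_sample_zip():
    """Constructed sample: a 'court notice' zip with a double-extension file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Court_Notice.doc.js", "// constructed placeholder")
        archive.writestr("readme.txt", "constructed sample")
    return buf.getvalue()


if __name__ == "__main__":
    for sample in ("receipt.PDF.js", "invoice.lnk", "photo.jpg"):
        print(sample, "->", triage(sample))
    print(triage_attachment("Court_Notice.zip", build_sample_zip()))
```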

For Mac users

Apple shares some safety tips for handling email attachments and content downloaded from the internet here. They recommend that if you’re unsure about a particular file, you use the Finder to see if a file is really an application. Here’s how:

“After selecting a file, either on the desktop or in a Finder window, you can use the Get Info command (Command-I) to look at the file’s ‘Kind.’ When using the Column view in the Finder, this information is automatically displayed for the selected file. If you are expecting a document, but the Kind is something other than the expected document type, then you should avoid opening that file. Do not double-click its icon or use the Finder’s Open (Command-O) command on the file, or otherwise open it.”

There are a number of Kind types that identify applications. Be extra careful if the email attachment or downloaded file has a Kind that includes the word Application or is otherwise suspicious. According to Apple, you should also be extra cautious with the following file types:

  • Unix Executable File
  • Script
  • Terminal
  • TerminalShellScript
  • Jar Launcher Document


Image: Pixabay