View more from News & Articles or Primerus Weekly

Cybersecurity Tips & Tricks

 

Unsafe Email Attachments

Almost everyone uses email in both their personal life and their workplace. Your inbox can include an email from your aunt with her stew recipe and an email from your boss with a guest list for an office party. But what if the email isn’t actually from your aunt or boss? Cybercriminals often pretend to be someone you know to get you to click unsafe attachments, such as fake Microsoft Word documents or PDFs. It’s important to learn how to identify unsafe email attachments and protect yourself.

Fake Microsoft Word Document Attachments

Older Microsoft Word documents are commonly used in cyberattacks because they can include macros. A macro, short for macroinstruction, is a set of commands that can control a .doc file and other programs. Cybercriminals may send you an email with a .doc file that contains a macro. The email usually looks legitimate and gives an urgent reason for you to open the file. If you open the file, a pop-up window will display asking you to enable macros. If you accept, the macros will be able to install malware on your device.

Fake PDF Attachments

PDF files are sent over email every day, making them perfect tools for cyberattacks. One popular type of attack is when cybercriminals put an image in a PDF file to trick you into clicking it. For example, it could be an image that looks like a video with a play button. The image will be something that catches your attention, like a cooking instruction video or a cute cat video. Unfortunately, clicking the image could send you to a website designed to steal your sensitive information.

What Can I Do to Stay Safe?

Follow the steps below to stay safe from potentially dangerous email attachments:

  • If a suspicious email appears to be from someone you know, contact them by phone or in person to verify that they sent it. 
  • Question or avoid .doc files in general. They use an outdated format and contain too many security risks. The newer .docx format is the current standard and is much safer.
  • Always think before you click. Cyberattacks are designed to catch you off guard and trick you into clicking impulsively.

 

Navy Dot Divider
This Cyber Tip was brought to you by the Cyber Security Subcommittee of the Primerus Quality Assurance Board and featured contributor KnowBe4, courtesy of Kerry Vickers of Aunalytics. We welcome your tips, which can be submitted to Paige Neirman at pneirman@primerus.com for publication consideration.