Working from home has made email to remain a common way to spread malware. The email will come with a malicious file attached for the recipient to open. These emails may come as spam or phishing email mostly.
- Executable files - like .exe files and MSI installer package files.
- Compressed files - malware will be concealed in archives like zip, rar etc.
- Microsoft Office Documents - These files can contain embedded macros as scripts for downloading and installing malware.
- PDF files - PDFs can conceal malware. The format can be used to create and run JavaScript files.
- ISO and IMG disk images - malware can be embedded Inside the image as a malicious executable file that executes when mounted or run.
The general rule of thumb is not to open any email attachments, unless you’re absolutely sure they’ve come from a trusted contact, and you know what the attachments are, or you were expecting the attachments.
Here are other ways to deal with attachments:
- Do not open suspicious emails from unknown sender addresses.
- Do not allow macros to run in documents that arrive by e-mail unless you’re certain that you have to.
- Treat all links with caution. Ignore the links, or manually enter the address of the website in your browser if you have to follow the link.
- Use reliable endpoint protection that will detect dangerous attachments, then delete or quarantine them.
- For corporate emails hosted on services like Office 365 some email security solutions will be integrated to check emails whether internal or external for malicious attachments.
