Email Attachment Security Risks & How to Handle Attachments Safely

Email Attachment Security Risks & How to Handle Attachments Safely
Page content

Email is Still Cool

You may think with Instant messengers, chat programs, social networks, and the growing mobile community that email is a thing of the past. Not so, according to statistics that come out during the year, including one that stated over 100 trillion emails were sent in 2010 from 1.9 billion people. Of course, around 80% of this was mostly spam, but it’s a telling indicator that even with the emergence of more and more communication and collaboration software, we will still most likely fall back to emailing.

And what’s not to like about it? You can send messages to anyone at anytime, as long as they have a valid email address. Email addresses are used as usernames and confirmation details for website sign ups, as well as being an alternative way of getting a hold of someone. For most people, their email account also ties them in with their provider’s other services, like chat programs, calendars, and even their mobile phones.

One great thing about email is the ability to add attachments - files, documents, pictures, and sometimes even programs to otehr people like our friends and family. Most of the time, these are easily accessible from the email itself; however sometimes these attachments are actually malicious threats in disguise. No matter what you use your email for - whether personal or professional - you need to have some soft of protection in the security of an email attachment.

The Risks of the Email Attachment

The risk of receiving an email attachment is not only based on who sent it, but also what the attachment could hold inside. Most email

programs now allow you to view an attachment before you open it, whether it be a picture or document; this shows you that what you’re about to download is exactly what you’re expecting.

However, the rise in phishing scams - especially those are targeted to those who use online banking and social networks - can mislead many people to open attachments from these emails that look authentic.

Thieves and hackers will manufacture emails and even websites to trick users into handing over their personal data. It works like this - you receive an email from what looks like an authentic announcement from either your banking institution or even a social network, like Facebook. The email may state that there are changes that have happened that will require you to reset your password. In most cases, a zip file will be the attachment and will, apparently, hold a new password for you.

When you click on it and then download it, you have just allowed for malware or even a virus to enter your computer system.

This is not just limited to that of fake “official” organizations; if your friends or family computers have been infected, it may send out emails to everyone in their contact list, which then looks at though they are sending you an email with an attachment.

Handling Email Attachments

When receiving email attachments, both at home or at work, keep these simple tips in mind before opening them -

  • Verify that the email is authentic. Don’t click any links inside the email; instead, open a new tab or window in your browser and go to the actual website. If there are any changes - those that are said to be happening from the email - there should be a mention about it. Also, most companies will send a copy of an email to your account’s inbox. If you don’t see one there, your email could be a fake.
  • Never download anything that you aren’t sure of, even if it’s from your friend or family member. Most often, they themselves have been a victim and in this particular case, the malware or virus sends itself out to all of your friend’s friends, which just happens to include you. In most cases, you may receive an email from your actual friend that warns you about the email.
  • Keep your computer and antivirus program up to date. Most antivirus programs are equipped to scan email, especially those with attachments. Keeping both your antivirus and your computer up to date ensures that their databases know what to look for when scanning your computer.
  • Always try hovering over both the email address and attachment with your mouse; this will usually show what the attachment is and who it’s from; fake emails will usually have a difference address than what’s listed.
  • Remember - official organizations, from your banking and financial institution to your social network will never ask for your password within an email, nor for any other type of personal information. Don’t be fooled because the email looks authentic; again, always check outside to the business’ official website. In most cases, you should be able to contact someone from support who can answer any question you have.

References

The Perils of Email Attachments from Cyber Coyote, https://cybercoyote.org/security/av-attach.shtml

Number of Emails Sent in 2010 form Business Insider, https://www.businessinsider.com/internet-statistics-2011-1

Image Credit: Free Digital Photos/Idea Go