The 4 Most Damaging Email Attachments

10 Jun

Email attachments have been blamed for viruses, malware and complete and utter computer breakdowns many times in recent years. Despite the plethora of warnings stating “do not open attachments from unknown senders” and “do not click on links in emails”, people and entire corporations still fall victim to infected or malicious email attachments. More recently, Trickbot, GandCrab, the NanoCore Remote Access Trojan and AgentTesla are malware infections that have been contracted by opening seemingly innocent DOC files and ZIP attachments!

Spam isn’t Always Easy to Recognise

Not all online and email scams are as obvious and easy to spot as the infamous Nigerian prince looking for ways and reasons to send you sums of money. Some scams look so legitimate and trustworthy that the average man on the street will fall prey to them with little encouragement. That being said, what can you do to ensure that you spot the warning signs of a malicious attachment? Being aware and knowing what to be suspicious of is a good start.

The first thing you need to know is that hackers do their very best to keep their intentions secret. They won’t make it evident that the attachment is malicious, so you need to do a bit of detective work. Any regular PDF, DOC, XLSM, ZIP, ISO, or IMG file can be used for a spam or malware campaign, and this makes recognising a threat all the more complicated.

4 Types of Attachments You Should Be Wary of

We have already mentioned these file types above, but here are 4 of the most dangerous email attachments and how they are used to deliver destruction to your device & data.

1. Trickbot Modular Banking Trojan Spread by DOC/XLSM Files

This trojan is typically sent as an Excel spreadsheet detailing tax records and similar information. Once the spreadsheet is opened, a BitsAdmin tool takes control and starts stealing data from the device and network, in particular banking data.

2. GandCrab Ransomware Spread with ZIP Files

GandCrab ransomware, when unwittingly installed on a computer, encrypts all of the machine’s contents and then displays a ransom note to the user. The expectation is that once the user has followed the instructions on the ransom note (usually to pay money), the ransomware can be removed. In an email, this ransomware looks much like a ZIP file attachment of photos.

3. Amex Phishing via PDF File

This phishing campaign specifically targets American Express customers. An email is sent out with a PDF attachment stating that the customer’s Amex account is “under review”. Once the email is opened, the attachment presents a link directing the customer to a secure message from Amex. Clicking the link takes the customer to a malicious web page which looks just like an official Amex page. Here, customers unwittingly enter their banking details, which hackers promptly steal.

4. Winner Scams Sent by PDF File Attachments

One of the biggest email scams is the “winner scam”. The email, which looks as though it comes from an official Google email account, states that the recipient has won in the online Google sweepstakes. To receive the prize, the recipient must input their personal details and the bank account details where they wish to receive their winnings. Of course, this means providing sensitive data such as ID number, address, telephone number etc. There are no winnings; in fact, the entire scam is being run by identity thieves who then use the personal information to open accounts or take out loans.

What to Do

If you receive emails with attachments from people you do not know, do not open the email. It is also highly unlikely that you will be advised of a big win via email. If you are suspicious, google the phone number for the company and call them directly to verify that the information that you have received is legitimate. Also, never provide your personal details to a person or company you have not made initial contact with (or know) yourself.
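For whoever looks after the mail system, the four attachment types above can also be checked for automatically before a message reaches an inbox. The Python example below is added here and is not part of the original article; it inspects a message's attachments for macro-enabled Office files, scripts inside ZIP archives, links inside PDFs and ISO/IMG disk images. The function names, the extension list and the sample message (file names, bytes and URL) are assumptions constructed for the illustration.

```python
import io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

SCRIPT_EXT = (".exe", ".scr", ".js", ".vbs", ".lnk", ".bat")  # assumed list, tune locally

def inspect_attachment(name, data):
    """Return reasons an attachment deserves a closer look (empty list: none found)."""
    reasons = []
    if name.lower().endswith((".iso", ".img")):
        reasons.append("disk image")
    if data.startswith(b"PK\x03\x04"):              # ZIP, incl. DOCX/XLSM containers
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                if member.lower().endswith("vbaproject.bin"):
                    reasons.append("Office file with VBA macros")
                elif member.lower().endswith(SCRIPT_EXT):
                    reasons.append(f"archive holds script/executable: {member}")
    elif data.startswith(b"\xd0\xcf\x11\xe0"):      # OLE2: legacy .doc/.xls
        reasons.append("legacy Office file, may carry macros")
    elif data.startswith(b"%PDF-"):                 # sees uncompressed link objects only
        for uri in re.findall(rb"/URI\s*\(([^)]*)\)", data):
            reasons.append(f"PDF links to: {uri.decode('latin-1')}")
    return reasons

def triage(raw_message):                            # filename -> list of findings
    msg = message_from_bytes(raw_message, policy=policy.default)
    return {part.get_filename(): inspect_attachment(part.get_filename() or "", part.get_content())
            for part in msg.iter_attachments()}

def _zip(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member in members:
            zf.writestr(member, b"placeholder")
    return buf.getvalue()

def build_sample():
    """Constructed message: every name, byte and URL here is made up for the demo."""
    msg = EmailMessage()
    msg.set_content("see attached")
    files = {"tax_records.xlsm": _zip(["xl/workbook.xml", "xl/vbaProject.bin"]),
             "photos.zip": _zip(["IMG_0001.js"]), "notes.bin": b"plain bytes",
             "notice.pdf": b"%PDF-1.4\n1 0 obj<</S/URI/URI (https://example.invalid/review)>>endobj\n"}
    for name, data in files.items():
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample()))
```

A file that starts like a ZIP but is truncated or malformed raises `zipfile.BadZipFile`; a caller should treat that as a finding in its own right rather than as a clean result.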

If you have any tips and pointers to help others avoid email attachment scams, we’d love you to share them with us.
