Scams and Viruses: Which Email Attachments Are Safe to Open? | Woodruff Sawyer

If an attacker manages to get an employee to download and open a malicious file sent as an email attachment, the door will be opened for a variety of incredibly damaging scenarios for your business: data theft, fraudulent wire transfers, and leaking of confidential information are just a few of the possibilities. Given what’s at stake, it’s not an overstatement to say that email security is more important than ever.

Although it may be tempting to simply ask what types of email attachments are generally safe to open, the answer isn’t so straightforward.

Let’s start with some common warning signs of an email that may harbor a malicious threat.

Filenames with Double Extensions

Giving a misleading filename to an email attachment is not a new tactic by any means, but you’d be surprised how often hackers continue to get away with it. This can be as simple as adding what appears to be a harmless file type extension just before the actual extension with hopes of the potential victim overlooking it with a cursory glance.

For example, naming an .exe file something like file.txt.exe to make it appear as a .txt file is a common method. It’s relatively easy for someone to hover over the file, see a .txt in small letters on the screen somewhere in the name, and assume it’s okay to open.

Suspicious Sender Addresses

Another favorite tactic from hackers involves masking their email addresses with fake ones that appear to be official. This can be in the form of a first and last name, or the name of a company, such as Facebook. However, when you click on the sender’s details, you’ll see the sender’s address is something entirely different. Fake sender address emails are notorious for encouraging recipients to click on a link or download a supposedly safe attachment.

Unwanted Offers

Sometimes a fake offer in the form of a deal or giveaway from what appears to be a well-known company can make it past your email host’s spam filters. These emails typically have links that redirect you to a fake website that attempts to lure you into submitting your login credentials. However, some still come with email attachments containing misleading names.

It’s also not uncommon to…