Danger of downloading email attachments

What this means is that you can actually receive an email from a good friend or family member with a dangerous email attachment.

While the malicious email attachment was sent from your friend's account, your friend did not send the email However, users are inclined to trust the contents of emails from friends and family.

Second, many email attachment scams come from senders who pose as banks or other authoritative entities, emailing you about an issue with your account. These messages say something to the tune of "There is a problem with your account at XYZ which is a real bank or organization in which you do have membership. Please open the attached file to view your balance or statement, credits or monies owed and so forth.

The email appears professional but vague, and then curious, and average users become slightly concerned and tend to open the attachment to try to figure out what is wrong with their accounts. However, the attachment is bogus, and accessing it will actually download a virus or malware and install it on your computer.

Unfortunately, many internet security software suites will not detect that an infection has occurred until after the fact, once you have already downloaded it. With all the sophisticated methods that hackers hold up their sleeve, it may seem impossible to distinguish between suspicious emails and legitimate messages. However, there is actually an easy way to tell if email attachments are safe that works the vast majority of the time. You can tell if an email attachment is safe by assessing the file extension.

The email body warns recipients of some urgent problem or issue requiring them to log in to their online bank accounts. We do occasionally see malicious. HTML attachments that loosely resemble legitimate bank.

HTML attachments, though. Compare this spoofed Navy Federal attachment HTML attachment from Chase bank:. Popular online services The bad guys also spoof popular online services, creating login pages that are well nigh indistinguishable from the real thing.

Here's a fake Google login page:. How many users will be savvy enough to realize that the HTML attachment they opened might not actually be a safe means to log in to their Google account? Not all spoofed login forms are service or brand specific, however. We have been seeing an increasing number of brand-agnostic email login forms, delivered both as. HTML attachments and live online web pages. Although this. HTML attachment prominently features the Google brand, it advertises to potential victims that the form will accept credentials for any manner of email address or account:.

Users could easily use their work email logins, thus opening a door directly into their employers' corporate networks. The two most common approaches used to trick users into supplying secure credentials to access a "secure doc" of some sort are the Adobe ID login:. Note the text in the above example telling users they are logging into Dropbox to access the promised document. And the "Other Emails" option means the bad guys are only too happy to accept users' login credentials for their place of employment.

Your Best Defense: Educating Users Untrained users who aren't technically savvy often work with very simplistic mental models of how the online threat landscape operates. Thus, while many users may finally recognize that. EXE and. PDF files are potentially dangerous or "bad," those same users will likely regard. HTML attachments as harmless and "good. Your employees need to be educated about the wide variety of potentially malicious email attachments -- including.

HTML attachments -- they may encounter in their inboxes. The HTML attachments we've shown in this blog piece are not widely detected by anti-virus scanners, and it's very likely they will end up in front of your users. Regular Security Awareness Training is critical to ensuring that your employees recognize and correctly respond to the actual threats they will encounter.

Find out how affordable this is for your organization and be pleasantly surprised. Topics: Phishing. All rights reserved. This can be done by looking at the file type, but that can be a bit complicated if you are not familiar with the dozens of different types commonly attached to emails.

The most natural way to ensure safety is to look at who is sending you the attachment , and if you are expecting to receive a larger file from that source. If things look suspicious and your inner alarm bells are going off, then do not move any further with this process.

If everything checks out though, then you are ready to move forward and fully download your file. For our purposes of downloading the attachment, we need only worry about the icon to the far left with the downward pointing arrow.

Click this, and voila, the downloading of your attachment will begin. Depending on the file size, this can take anywhere from a few seconds to hours. Being close to a power source is always a good idea when doing a more involved process like this. You should be able to see the progress at the bottom of your browser , and the icon will match the type of file type you are downloading. Once complete, the attachment is now off the internet and on the actual storage of your computer.

The easiest way to view the attached is to simply click the icon in the bottom left corner of the screen , the same place we watched the file download. Move your mouse over this and click, and if you have the necessary software, it will open automatically with it.

Alternatively you can click the upward arrow tip to the right side of the file. This will perform the same function as clicking the icon initially. Here we have a nice broad view where we can see from left to right the name, size, kind, and date of each filed downloaded.

These columns are adjustable in size, and the numerous icons above them mostly deal with organization. None are key for our purposes of viewing the attachment though, so we can safely ignore them for now. To manually open an attachment with a specific program , right click with your mouse or click with two fingers if you are using a trackpad , and a drop down menu will appear. This will show you all the available options you have to view this file type. The default choice pictured here is Adobe Acrobat Reader DC , and the first option is what your software recommends.

However you can use others if you select them here manually from the dropdown menu , this is just a matter of personal preference with viewing programs. If an application is greyed out, that means it is not able to open the downloaded file.