Internet Skeptic Blog

Posted by: Bob Bayn on Dec 18, 2012

Use Caution When Opening Email Attachments

What does that even mean? How can you open an attachment "cautiously?" Unexpected email attachments can be dangerous. What does an Internet Skeptic do?

Email was created in the days of Complete Innocence (about 1972 to 1991).  It was a service designed in complete ignorance of the possibilities for mischief.  Email can be forged and faked by anyone with any agenda.

Nowadays, hackers take full advantage of that innocence.  They can copy a completely legitimate and familiar looking message that you would recognize from a trusted business.  They can include trademarked logos.  They use the reputation and trust created by legitimate senders as a cover for their mischief.

An email message can have an attachment that carries and attempts to deploy some malware when you open it.  The only way to be "cautious" when opening such an attachment is to evaluate the possibilities BEFORE you open it.  Here are some things to evaluate:

  1. Were you expecting this message from this sender?  If not, an alarm bell goes off.
  2. Does this message describe something you didn't expect or doubt is true (like a charge on your credit card)?  Another alarm bell goes off.
  3. Does the sender address match up with the description of the sender in the message?  If the message says it is from PayPal but the sender address is something like paymentdispute@paypal.cz or if the message says it is from the IT HelpDesk but the sender address is Hector.Heathcliffe@hardknocks.edu, then yet another alarm bell goes off.
  4. Is the attachment of an unusual filetype like .zip or .exe?  Then another alarm bell goes off.
  5. Is the attachment of an unlikely filetype for what the message claims about the attachment (like a .xlsx for a document)?  R-r-r-ring-a-ding.
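
Checks 3 to 5 can be applied mechanically to a saved message before anything is opened; checks 1 and 2 depend on what you were expecting and stay with the reader. The Python sketch below is an added example, not part of the original post, and its brand-to-domain map, extension tables and sample message are constructed assumptions.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr
from pathlib import PurePosixPath

# Assumed tables for this sketch (not from the original post): extend them
# with the brands, extensions and wording that matter at your site.
BRAND_DOMAINS = {"paypal": "paypal.com"}
RISKY_EXTS = {".zip", ".exe"}
CLAIMED_KINDS = {"document": {".doc", ".docx", ".pdf", ".rtf", ".txt"}}

def attachment_alarms(raw: bytes) -> list[str]:
    """Return the alarm bells (checks 3-5) raised by one raw email message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    alarms = []
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part else ""
    claims = f"{display} {msg.get('Subject', '')} {body}".lower()
    # Check 3: the message names a brand but the sender domain is not that brand's.
    for brand, good in BRAND_DOMAINS.items():
        if brand in claims and not (domain == good or domain.endswith("." + good)):
            alarms.append(f"sender-mismatch: claims {brand}, sent from {domain}")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = PurePosixPath(name.lower()).suffix  # last suffix: "a.pdf.exe" -> ".exe"
        if ext in RISKY_EXTS:  # Check 4: unusual filetype
            alarms.append(f"risky-type: {name}")
        # Check 5: filetype unlikely for what the message says the attachment is.
        for kind, expected in CLAIMED_KINDS.items():
            if kind in claims and ext not in expected and ext not in RISKY_EXTS:
                alarms.append(f"type-mismatch: called a {kind}, is {ext or 'no extension'}")
    return alarms

def sample_message() -> bytes:
    """Constructed sample modelled on the post's PayPal example."""
    m = EmailMessage()
    m["From"] = "PayPal Disputes <paymentdispute@paypal.cz>"
    m["Subject"] = "Charge on your account"
    m.set_content("Please review the attached document.")
    for name in ("dispute.xlsx", "receipt.pdf.exe"):
        m.add_attachment(b"placeholder", maintype="application", subtype="octet-stream", filename=name)
    return m.as_bytes()

if __name__ == "__main__":
    for alarm in attachment_alarms(sample_message()):
        print(alarm)
```

The script only reads headers and filenames; it never decodes or executes the attachment content, so it is safe to run on a message you have saved but not opened.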

If one or more alarms went off, it is probably best to do something other than opening the attachment to confirm it.  Consider these options:

  1. Contact the sender separately for confirmation of the message.  Email your friend; call the bank.
  2. Download the attachment without opening it, and submit it to virustotal.com for analysis by 46 different virus checkers.
  3. Do a Google search of the subject line or a key phrase in the message to see if there are any posts about similar mischief.
  4. Forward the whole message with the attachment to some evaluation service like phish@usu.edu.
  5. Just delete it and forget it.

If you decide to open the attachment after considering all the alarms and options, there are still some things to watch out for:

  1. The attachment may have been a way to deliver a scam message without detection by the spam filter, so you should still be skeptical of the content.
  2. The attachment may be a web page with instructions that shouldn't be followed or with links that shouldn't be clicked.
  3. The attachment may still be well-crafted mischief using a new exploit that the virus checkers don't know about.  Your important data files had better be safely backed up and your computer operating system and media tools like Acrobat, Java and Flash had better be fully patched!

So that's what "open cautiously" really involves.

Bonus tip:  An email message can also display one web address but send you to a different address when you click on it.   You can hover your cursor over the link and your browser will show you where it REALLY goes.  (Even that feature can be faked, but it's a lot more trouble.)  See:  https://it.usu.edu/computer-security/internet-skeptic-blog/articleID=20354

Thanks for being an Internet Skeptic!