Detect a Malicious Email

How to Identify Malicious Email: Malicious Attachment


Every day, all day, we receive emails from peers, colleagues, friends, newsletters we have signed up for, and more. Businesses use email to communicate changes, deals, new products, and sales to their customers. Banks and credit card companies send monthly statement notifications and alerts about suspected fraudulent activity. So much communication is done by email because it’s easy and free. For that reason, there are also criminals looking to exploit email communication by forging emails from reputable companies and imitating business email in an attempt to lure the recipient into replying with sensitive personal information. This is done by including malicious links, malicious attachments, and fraudulent data-entry forms in email, with the intent of tricking people into falling for the scam and handing over personal and sensitive information. Sometimes these criminals use any information that can be found publicly, on social media and public websites, to make their email more enticing and credible, and they use your email address because it’s fairly easy to find.

Free email services like Gmail, Hotmail, Yahoo, etc. do a pretty good job of filtering spam and malicious email, and your organization has likely invested in a reputable email threat-protection product, but cybercriminals constantly adapt and improve their techniques, and sometimes malicious email gets through spam filters and threat protection. In this post we will cover how to identify a phishing email with a potentially malicious attachment.

Malicious email attachments can contain malware that gets installed on your computer when you click to open the file. They are delivered in the form of an unsolicited email. The malware may be a keystroke logger that records what you type on your keyboard into forms, such as credentials, credit card numbers, and other personal information. It may be ransomware, which is installed into directories on your computer and locks up all the files on your computer, making them inaccessible to you unless you have the decryption key.

The email below is an example of a received email with attachments. The outlined and numbered text identifies things to look at when deciding whether an email is a malicious (phishing) email.

1 – The subject indicates this email is about finance, which is typical for phishing emails.

2 – Always check the sender’s information. Most of the time it looks legit, but here are some things to look for:

  • Check the sender’s address, don’t just rely on the display name. If the email is from a business, check the domain after the @ to ensure it matches the business’s website address. Legit companies typically have their own domain emails, especially large established organizations. 
  • In this example the sender has a .pl domain, which is from Poland. I don’t know anyone in, nor have I done business with, any Polish organizations, so I know it isn’t legit.
  • Make sure no alterations have been made to a legit domain, for example sender@applee.com, where an extra e has been added at the end of apple.
  • Even if the email address looks entirely legit, it can still be spoofed by the sender, although spam filters are getting better at identifying email spoofing.

3 – Unsolicited attachments. Most businesses no longer attach important documents nor make requests through attachments; instead they direct you to the section of their website where you can find the information. High-risk attachment types include, but are not limited to, .exe, .pdf, .zip, and .scr. 

4 – Phishing emails convey a sense of urgency to act promptly and provide personal information via email. Legit businesses do not request your personal information via email. If in doubt, contact the business directly.

5 – Double-check URLs. The link text in the email should match the destination shown when you hover over it. If the URL doesn’t match the context of the email or has a sequence of numbers in the domain, don’t click it. Always hover over the URL with your mouse without clicking the link.

Malicious Email Diagram
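The checks in indicators 2 through 5 above can be automated as a first-pass triage of a raw message. The script below is an added example written for this post, not code from the original article; the sample messages, the brand list in KNOWN_BRAND_DOMAINS, the extension sets, and the urgency word list are all constructed assumptions. It parses the message with Python's standard email library and reports sender-domain lookalikes, display-name/brand mismatches, high-risk and double-extension attachments, urgency language, and links whose visible text does not match the real href (or whose host is a bare IP address).

```python
"""Heuristic triage of a raw email for the phishing indicators discussed above.

Added example; reference data and sample messages are constructed, not real.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from typing import Optional
from urllib.parse import urlparse

# Assumed reference data for this mailbox: brands it expects mail from, the
# attachment types the post calls high risk (plus common script types), and
# extensions that attackers pair with a trailing executable extension.
KNOWN_BRAND_DOMAINS = ("apple.com", "microsoft.com", "paypal.com")
RISKY_EXTENSIONS = {"exe", "scr", "zip", "pdf", "js", "vbs", "bat", "hta"}
DOCUMENT_LOOKALIKES = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg"}
URGENCY_WORDS = ("immediate", "urgent", "within 24 hours", "suspend", "overdue")
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

# Constructed sample: lookalike sender domain, IP-hosted link hidden behind
# brand-looking text, double-extension attachment, urgent wording.
# 198.51.100.7 is a documentation address, not a real host.
SAMPLE_EMAIL = b"""\
From: "Apple Billing" <billing@applee.com>
To: user@example.com
Subject: Invoice overdue - immediate payment required
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Your account will be suspended within 24 hours.</p>
<p><a href="http://198.51.100.7/login">https://www.apple.com/account</a></p>
--b1
Content-Type: application/octet-stream; name="invoice.pdf.exe"
Content-Disposition: attachment; filename="invoice.pdf.exe"
Content-Transfer-Encoding: base64

UExBQ0VIT0xERVI=
--b1--
"""

# Constructed benign message used to show the checks stay quiet on normal mail.
CLEAN_EMAIL = b"""\
From: "Example Newsletter" <news@example.com>
To: user@example.com
Subject: October newsletter
Content-Type: text/plain; charset="utf-8"

Thanks for reading.
"""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; used to spot one-character domain alterations."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _host(url: str) -> Optional[str]:
    """Hostname of a URL, tolerating link text written without a scheme."""
    return urlparse(url if "://" in url else "http://" + url).hostname


def triage(raw: bytes) -> list:
    """Return 'CODE:detail' findings for one raw RFC 5322 message (heuristics only)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []

    # Indicator 2: sender domain vs. display name, and lookalike domains.
    name, addr = parseaddr(str(msg["From"] or ""))
    domain = addr.rpartition("@")[2].lower()
    for brand in KNOWN_BRAND_DOMAINS:
        if domain != brand and edit_distance(domain, brand) <= 1:
            findings.append(f"LOOKALIKE_SENDER_DOMAIN:{domain} resembles {brand}")
        brand_word = brand.split(".")[0]
        if brand_word in name.lower() and domain != brand and not domain.endswith("." + brand):
            findings.append(f"DISPLAY_NAME_BRAND_MISMATCH:{name} <{addr}>")

    # Indicator 3: attachments with high-risk or document-then-executable extensions.
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").lower()
        pieces = fname.split(".")
        if pieces[-1] in RISKY_EXTENSIONS:
            findings.append(f"RISKY_ATTACHMENT:{fname}")
        if len(pieces) >= 3 and pieces[-2] in DOCUMENT_LOOKALIKES:
            findings.append(f"DOUBLE_EXTENSION:{fname}")

    # Indicator 4: urgency language in the subject or body.
    body = msg.get_body(preferencelist=("html", "plain"))
    text = (str(msg["Subject"] or "") + " " + (body.get_content() if body else "")).lower()
    hits = [w for w in URGENCY_WORDS if w in text]
    if hits:
        findings.append("URGENCY_LANGUAGE:" + ",".join(hits))

    # Indicator 5: visible link text vs. real href, and bare-IP link hosts.
    if body is not None and body.get_content_type() == "text/html":
        for href, inner in ANCHOR_RE.findall(body.get_content()):
            shown = re.sub(r"<[^>]+>", "", inner).strip()
            href_host = _host(href)
            if href_host and re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", href_host):
                findings.append(f"IP_ADDRESS_LINK:{href}")
            if "." in shown and " " not in shown:
                shown_host = _host(shown)
                if shown_host and href_host and shown_host != href_host:
                    findings.append(f"LINK_TEXT_MISMATCH:{shown} -> {href}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EMAIL):
        print(finding)
```

Each finding is a signal, not a verdict: a legitimate mailing from a vendor's new domain can trip the lookalike check, and a lookalike at edit distance 2 (or a homoglyph) slips past it, so treat the output as a prompt to verify with the business directly, as the post advises, rather than as a filter decision.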

Don’t be afraid to contact the business directly to verify sales, deals, requests for payment, or requests for personal information. If you receive a suspicious email, do not click any links, do not open attachments, and delete the email. If you can label it as spam, do so as well. It’s always advisable to have antivirus software on your Windows computer to detect potential threats and clean up any adware, spyware, or malware that may make it onto your computer.

If you happen to click on a malicious attachment or link, run a virus scan right away with your antivirus software. If the antivirus software does not need the internet, disconnect your computer from Ethernet or Wi-Fi to prevent other devices or drives on your network from also getting infected. Here is some more information published by the FBI on how to protect yourself and your organization from ransomware. The article also includes tips for dealing with a ransomware threat.

Last modified: January 4, 2021