From Cybersecurity: Identifying malicious phishing attachments

One of the most popular methods of phishing is to persuade victims to open a malicious attachment, which infects a computer with ransomware or other nasty malware. Cybercriminals like to use this technique because they can make attachments seem legitimate, allowing them to often pass through automated security controls. By keeping it simple, cybercriminals can often get what they want.

Examples of bad attachments include:

• Delivery details
• Payment notifications
• Invoices
• Resumes and CVs

Here’s what to look for:

• Unexpected or unsolicited attachments
• Archive files such as: .zip, .rar and .7z
• Office files with macros such as: .doc (Word), .pptm (PowerPoint), and .xlsm (Excel)
• Files with double extensions (the only extension that matters is the last one)
• Emails with HTML attachments such as: .htm

Stay safe by:

• Installing the latest security updates
• Not trusting an attachment from an unknown sender
• Verifying any unexpected attachments

Before downloading an attachment, take a moment to consider the potential risks. A bad attachment can seriously compromise you and your organization. Always verify the source and content before downloading.