Weekly Tip! Using Attachments

Phishers aren't really as bright as you might think - they just know how to reuse what works. One of their favorite tricks is to attach a file to an email, and trick us into opening the attachment. While it may appear to be a PDF document or a Word document, the file is compromised and contains a "weaponized payload" (some sort of malware). 

So how can you tell if an email is a phish? Ask yourself a few questions:
- Is it from someone I know? Don't forget to actually check the return address; it's easy for an attacker to put anything into the "Reply To" field, but more difficult to trick the reply-to email field.
- Was I expecting it? Do you normally receive files from this sender? Are you currently engaged with them in such a way as to expect emails with attachments?
- Does it make sense? If you don't work in Accounting or Accounts Payable, and you receive an email claiming to have an invoice attached, it probably doesn't make sense.
- Do I feel pressured? Even the worst phishers know that creating a sense of urgency on your part makes it more likely that you'll take the bait. Tricks to create urgency include communicating deadlines with stiff penalties for tardiness.
- Does it just look weird? Many phishers fail to 'polish' their tempting treats, and send emails with broken links, missing images, inconsistent fonts, and either poor grammar or nonstandard word choice. 

If you see an email with an attachment, and answer "No" to even just one of the above questions, it's quite likely to be a phish.
