5 Types of email attachments you should look out for

Email is one of many entry points that cybercriminals can exploit to attack your system. By using innocuous-looking messages, they can successfully plant viruses, spyware, worms, and ransomware that can steal private information or cause downtime.

But because you really can’t avoid using email, you have to be vigilant with email attachments. Cybercriminals attach different types of files to emails to plant malware onto their victim’s system, such as:

1. Executables

Common file extensions: .exe
Cybercriminals use executable files because of the ability of these to run codes that can modify a computer system. These files are often named something innocuous-looking like “Antivirus.exe” or “Chrome.exe” to allay the receiver’s suspicions and persuade them to open the malicious file.

For instance, the Fantom ransomware back in 2016 was packaged in a file named “WindowsUpdate.exe”. Once executed, it appeared to install an update on the victim’s PC. However, it only encrypted the user’s files and demanded money in exchange for data decryption.

There are no reasons for executable files to be shared via email. If you receive an unsolicited message containing a .exe file, delete it immediately.

2. Scripts

Common file extensions: .js, .vbs, .php, .asp
A script is a text document containing instructions written in a certain language to automate computer processes. While not inherently malicious, scripts are used by cybercriminals to install malware on users’ computers.

A good example of this is the ILOVEYOU worm back in 2000. The malware’s scheme took advantage of Windows’ default setting of hiding file extensions, so a malicious script such as “love-letter-for-you.txt.vbs” will only display as “love-letter-for-you.txt”. What’s more, a script file’s icon is of a paper scroll, which can make the user think that it is indeed a text file.

To avoid such types of malware, configure your computer’s settings to display file extensions. Here’s how to do it:

Windows 10:

  1. Click Start > Documents.
  2. Under the View tab, check the box next to “File name extensions”.

Windows 8 and 8.1:

  1. On the Start Screen, type in “Folder options”.
  2. Click Folder options.
  3. Uncheck the box beside “Hide extensions for known file types”.

Windows 7:

  1. Open the File Explorer from the Windows 7 taskbar.
  2. Click Organize in the toolbar on the top. Click Folder and search options.
  3. Uncheck the box beside “Hide extensions for known file types”.

3. Documents

Common file extensions: .doc, .xls, .ppt, .docx, .xlsx, .pptx, .pdf
Cybercriminals are using harmless-looking documents to infect host computers with macro malware. Macros are small programs that automate common tasks, like downloading files or installing a program.

In this instance, cybercriminals inject malicious code into legitimate documents. Once the user opens the file, they will be asked to enable macros to properly display the document. However, doing so will activate the malware.

Aside from Microsoft Office documents, PDF files can also be used to attack user’s systems. These can create and run malicious files, and hide phishing links. For instance, a spam email can ask users to click on a phishing link within the document, which leads them to a page asking them to sign in to their online account. However, this will enable cybercriminals to steal the user’s login credentials.

4. Archive files

Common file extensions: .zip, .rar, .7z
Cybercriminals are known to conceal malware in archive files, as they are typically less obvious ways to launch malware, compared to executables and documents.

A known example is the Gandcrab ransomware attack, which used an archive with a name like “Love_You0891”. Similar to the ILOVEYOU worm, it used social engineering to pique the recipient’s curiosity and launch the malware.

5. Disk images

Common file extensions: .iso, .img, .dmg
While almost exclusively used in macOS, disk images are still one of the most dangerous attachments to avoid. Much like archive files, disk images can conceal executables and documents.

This fault was taken advantage of by the Agent Tesla Trojan malware. The disk image contained an executable file, which when installed, activated a spyware program capable of stealing users’ login credentials. Typically, cybercriminals included a .doc file as a failsafe in case the disk image did not work.

Need better protection from malicious email attachments for your Campbell business? We’ve got you. Our INFINIT SHIELD – Email Defense platform automates implementation and management of email authentication, which keeps malicious emails at bay. We also provide ongoing testing, reporting, and training of users to educate and prepare your employees to properly handle email threats. To know more how we can help you, contact us today.


Navigating technology can be difficult, but using it to your business’s advantage shouldn’t have to be.

Download now!