In addition to using malicious installation files, cybercriminals often disguise harmful files with familiar file extensions such as .pdf, .docx, .xlsx, and .zip. These links and files can contain malware or lead to malicious websites. They frequently masquerade as legitimate documents, such as invoices or urgent messages, in an attempt to trick users into opening them.
Here are the ways in which these files can infect your computer:
- PDF Files (.pdf): These files can contain embedded executable files, JavaScript code, or malicious links
- ZIP Files (.zip): These compressed files can hide malware or phishing pages within the zipped files
- Executable Files (.exe): These are designed to run on your system and can contain malware
- Microsoft Office Files (.doc, .docx, .xls, .xlsx, .ppt, .pptx): These files can contain embedded macros or exploit vulnerabilities in the software
Receiving an email with these attachments does not necessarily mean your computer is infected; the infection occurs when you open the attachment. Here are some things to consider when you receive an email with an attachment, whether from an unknown sender or someone you know:
- Are you expecting the email?
- Are you expecting the email to contain an attachment?
If you answered “No” to either of these questions, contact the sender to verify the email. If the email is from an unknown sender, do not open it; mark it as junk and notify TAB.
To protect yourself from phishing emails, which often come from unknown senders pretending to be legitimate:
- Take your time: Read the email carefully for anything suspicious.
- Review the sender’s email address to ensure it’s correct.
- Avoid clicking on any links. Instead, hover over the link to see the URL. If it doesn’t look familiar, do not click on it.
- If you are unsure about the email’s legitimacy, contact the sender or contact TAB for assistance.
TAB offers tools that can help your users stay safe from phishing emails and bad actors. We’ve highlighted our Email Defense and Security Awareness Training below.
- PatrolDOG Email Defense – A service that quarantines emails containing malicious attachments and much more!
- PatrolDOG Security Awareness Training – A monthly training and bi-weekly phishing campaign service that aims to teach your users about all the ways a bad actor can use to gain access to the network.
