Protect Yourself from Malicious Email Attachments

Protect Yourself from Malicious Email Attachments

Lately, I’ve been getting a lot of SPAM emails with attachments. The “sender” tells me that I need to open the attachment to provide them with information.

This might sound obvious but you should never open attachments from people you don’t know, especially if it’s a weird-looking attachment (i.e. download.exe or certification.txt). No reputable organization is going to get information from you this way.

You can’t assume that your SPAM filter or software is going to keep all malicious emails out. The examples below were successfully delivered to my inbox:

Example #1 – There are a lot of tell-tale signs that this email from “Bank of America” is fraudulent.

  1. The email is from Does that even sound legit?
  2. It’s sent to “undisclosed-recipients”
  3. There is an HTML attachment (restore account.html)
  4. I don’t bank with Bank of America


Example #2 – This one from “UPS” isn’t quite as obvious as the first example. Here’s what I saw:

  1. UPS would have probably left a notice on my front door. How would they have possibly gotten my email address anyway?
  2. The notice is almost three months after the supposed delivery date
  3. There is a text file attachment (_Certification_.txt)
  4. The copy in the email just doesn’t sound like something that would come from UPS. I don’t think they even say “United Parcel Service” anymore


Here are some things you can do to protect yourself from malicious email attachments:

  1. Don’t open emails or attachments from people you don’t know or that seem “fishy” (Pay special attention to the subject line and who the email is supposedly from)
  2. Have anti-virus software installed on your machine. Most of them will check incoming email (assuming you’re using Microsoft Outlook) automatically. AVG is a good free one
  3. Make sure that whatever email program you are using blocks images in all incoming emails (In Outlook, go to Tools>Trust Center to block images). Blocking images does two things. First, the spammer can’t track that you’ve opened the email (even if it was previewed in your preview pane). Without getting too technical, spammers need images to display in the email to track whether or not the email was opened. Second, malicious programs can’t automatically execute in these emails when opened

Just be careful with attachments. It it doesn’t feel right, don’t open it.

Jay Lane