Cyber security awareness: Spotting dangerous file attachments

As more people have been working from home or other locations that aren’t a physical office in the last couple of years, you may have heard there’s also been a spike in spam and phishing attempts.

---

Not only have attackers come up with more sophisticated ways of stealing sensitive information, but they’ve also come up with new methods of getting malware onto people’s personal and work devices.

So, how are they doing this?

Digital communications are something we rely on daily. Let’s face it — we’re only human: we get busy, tired, and overwhelmed. This can lead to us not being as careful as we might otherwise be — and that’s a problem when all it takes is one click to end up with dangerous files infecting our devices.

Attackers know that interesting headlines, helpful information, appealing offers, and work documents prompt us to take action.

We may think an innocent-looking request from a colleague is urgent, so we click to download the attachments. We may smile when we see our favourite pizza company is generously giving us a voucher to spend next month, then open the attached file without a second thought.

Those are usual day-to-day activities and situations, but attackers hide malware — including spyware and ransomware — into files they send online. That’s why we call them potentially dangerous files.

Potentially dangerous files might come from: 

• Emails
• Downloads from websites
• SMS or voice spam
• Malicious USB drives 
• QR codes that link to malicious websites

In this post, we’ll cover five types of potentially dangerous files commonly used by cyber attackers. Then, we’ll explain how you can make an informed decision on whether to open the file or not.

Potentially dangerous files to watch out for

Executable files

Executable files are ones that have instructions on how to run an automatic task on your computer. The challenge is you may not know what exactly the file is running or doing.

Although many file formats fall into this category, some can work on any computer without needing special software.

Common extensions for executable files are:

• APP
• EXE 
• BAT
• BIN
• COM
• CMD
• CSH
• INF
• IPA
• OSX
• PIF
• RUN
• WORKFLOW
• WSH

Compressed files

Conveniently small in size and easy to send to others, compressed files (often called ZIP files) contain several files or even directories. They’re a popular choice for work and personal purposes and usually include music, video, image, or text files. 

Attackers can use compressed files to hide malware among the other files contained in the package. 

Common extensions for compressed files are:

• ARC
• RAR 
• RO9
• TAR
• GZ (or GZIP)
• ZIP
• 7Z

System files

System files are critical — without them, our computer systems can’t operate. You’ll typically find them in the system folder on your device, and they tend to be protected from accidental and intentional deletion (managed by user permissions).

Sophisticated hacking methods these days include hiding malware and ransomware in the system files.

SYS is a common extension for system files.

Installation files

Like executable files, installation files are designed to run a task on your device — but that task is specifically to install programs. In some cases, though, it’s malware that’s being installed instead of the program you expected.

A well-known example of users falling victim to harmful installation files is through downloading fake Windows 11 operating systems from non-official websites. Attackers hide malware in the fake installation file, which can flood your computer with ads and steal your password credentials.

Common extensions for installation files are:

• DMG
• EXE 
• MSI

Microsoft Office files or macros

These include the usual spreadsheets, presentations, templates, and text documents we’re all familiar with.

There are macros inside them, which are small programs used by attackers as scripts for downloading software.

To view or edit a file, you don’t need to enable macros. Though the file may try to get you to do so, we suggest you skip this if you’re not sure what task will run as a result.

Common extensions for Microsoft Office files that have macros stored in them are:

• DOCM
• XLSM
• PPTM

What to do with potentially dangerous files

While we’ve covered the most common file types that need some extra scrutiny, it’s important to remember that almost any file type can contain malware.

If you’re ever doubtful of the legitimacy of the file or its source, here are some questions you can run through to help you decide if you should open the file or not.

Questions to ask yourself before opening a file

1. Do you know who sent you the file or email?
2. Does the file have an unfamiliar file type, or one of the file types we covered above? 
3. Were you expecting an attachment from this sender?
4. Are there any unusual flags in the body of the email or message? 

Other things you can do to protect yourself

Use antimalware software

Reliable antimalware or antivirus software can send you notifications about malicious files as well as blocking them from being transferred to your device.

Check if the sender’s name, email address, and phone number are correct

Attackers can send ransomware via phishing messages or emails, so it’s a good idea to check the message’s sender details and see if they match the details you have for that person. It’s also worth hovering over links to see where they’re directing you. Call or chat with your IT support team if any of these don’t seem right.

Read the notifications and pop-ups from your antimalware software

Antimalware software on your devices might try to warn you of macros in documents and any links in files. If you’re not sure if you need to enable macros or follow links in the files you received from someone, it’s best to treat them as suspicious and avoid clicking.

Use security features in your operating system

A computer firewall can help protect your device by closing off any ports that you don’t need enabled. Most operating systems come with these types of security features, and it is best to keep them enabled and updated.