
Common Malicious Email Attachments: Avoiding The Inbox Masquerade

By now everyone knows to ignore the email from the Nigerian Prince or foreign lottery.  They don’t really have millions of dollars waiting for you.  However, that does not mean you can ignore the threat of phishing emails.  It just means the cyber-criminals have gotten smarter.  In fact, 91 percent of successful data breaches and cyber attacks begin with an email.

It’s serious business from serious criminals.  Business Email Compromise (BEC) causes more than $676 million in damage a year, according to the FBI.  That does not include the resulting data breaches, identity theft, and other fraud that takes place once thieves get access to your data.  There is, however, something you can do about it.  Protecting yourself from malicious email attachments and data breaches begins with understanding the problem and taking action to prevent yourself and your organization from becoming a victim.

Malicious email attachments are one of the crooks’ favorite ways to attack.  They use various schemes and scams to try to harvest your username and password, lock up your computer with ransomware, or launch malicious code.  If you see an email with a DOC, PDF, ZIP, PPT, or XLS attachment, be wary.

Here are some of the most common scams making their way across the internet now:

Excel Attacks

If you’re in business these days, there’s a good chance you’re sharing spreadsheets on a regular basis.  So, when one shows up in your email, it’s not unusual.  An email with a purchase order or spreadsheet for review may appear just fine.  In fact, these phishing emails have been known to sneak past both Gmail and Office 365 email security.

PDF Attacks

One of the newest tactics uses PDF documents attached to an email. Because there is no suspicious code or link in the email itself, it can often pass through ordinary email spam filters undetected.

As scammers become more sophisticated, they may harvest credentials inside companies and then impersonate someone within the company to send their attachments.  Coming from a trusted source, these attachments get opened more frequently.

SharePoint Attacks

Malicious links are also being hidden inside SharePoint documents.  Hackers use standard SharePoint tech.  The email can look identical to a normal invitation for workers to access the document, so these emails also bypass most email security solutions.  When recipients click on the link to get the SharePoint document, they might launch malicious code or be redirected to a login screen in an attempt to steal their credentials.

PowerPoint Attacks

Similarly, PowerPoint files may include a popup asking to verify credentials before access.  Putting in your login name and password allows the crooks to grab your identity.  They may also embed macros in the file.  Clicking yes to enable macros can unleash all sorts of bad things.

Gmail And Office 365 Email Security Are Not Enough

Google and Microsoft look primarily for widespread malicious attacks.

Office 365 uses proxies for links and compares them to a database of known bad actors before sending them through to users.  While this can stop many attacks, it is ineffective against new threats that have not been detected or hackers that continually change email addresses, URLs, or tactics.

Spear Phishing And Whaling

They can also miss targeted attacks that are sent to only a few individuals, like spear phishing attacks or whaling attacks that go after the big targets.  In this case, the cyber-criminals will research their targets to find ways to make their attacks more successful.  They might search in social media, public filings, or company reports.  This social engineering allows them to create an email that can take advantage of this unique knowledge to get people to click on the attachment.

Chain Email

The bad guys also love to get their hands on user credentials.  Once they can access your email or a colleague’s email, they can impersonate them and cause all sorts of trouble.  The so-called Chain Email can actually come from inside your company’s email network.  A spreadsheet or PDF from someone you know and trust within your organization is more likely to get opened.

Other Phishing Attacks

There is no shortage of sophisticated attacks and methods cybercriminals will use to cause you problems.

Zero-Day Attacks

Zero-day attacks exploit software flaws, or flaws in email security practices, that are discovered before they are patched.  This vulnerability is unknown to the software developer, so it’s difficult to protect against.  While a patch is being developed, the hackers are taking advantage.

Zero Font Attacks

Zero Font attacks set the font size to zero and can make characters invisible to the recipient.  You might think you’re clicking on a legitimate URL or attachment, but the hidden characters redirect you somewhere else.

Scammers also use this to hide letters inside words, so a word might look like “Microsoft” to you but won’t trigger email security, because the filter reads all the characters regardless of their font size.

Z-WASP Attacks

Similarly, numbers and special characters show up in the raw HTML between words.  These characters distort what the email security filters see when they examine a URL, link, or attachment.
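The Zero Font and Z-WASP passages above describe the same mismatch: the filter and the reader see different strings. This Python example is added here and is not code from the original article; it rebuilds both views of an HTML body and flags the difference, assuming the Z-WASP padding is zero-width Unicode characters and that zero-size text is set with inline `font-size` styles. `BodyViews`, `analyze` and `SAMPLE` are names constructed for illustration.

```python
import re
from html.parser import HTMLParser
# Assumption: the padding characters are zero-width Unicode code points.
ZERO_WIDTH = dict.fromkeys(map(ord, "\u200b\u200c\u200d\u2060\ufeff"))
ZERO_FONT = re.compile(r"font-size\s*:\s*0+(?:\.0+)?\s*(?:px|pt|em|rem|%)?\s*(?:;|!|$)", re.I)
VOID = {"br", "hr", "img", "input", "link", "meta"}

class BodyViews(HTMLParser):
    """Collects the text a naive filter reads and the text a person sees."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.filter_view, self.reader_view = [], []
        self.hidden = []       # one flag per open element: drawn at size zero?
        self.findings = set()

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        href = attrs.get("href") or ""
        if href.translate(ZERO_WIDTH) != href:
            self.findings.add("zero-width-in-url")
        if tag in VOID:
            return
        zero = bool(ZERO_FONT.search(attrs.get("style") or ""))
        if zero:
            self.findings.add("zero-font")
        # Children of a zero-size element inherit the hidden state.
        self.hidden.append(zero or (bool(self.hidden) and self.hidden[-1]))

    def handle_endtag(self, tag):
        if tag not in VOID and self.hidden:
            self.hidden.pop()

    def handle_data(self, data):
        self.filter_view.append(data)
        if data.translate(ZERO_WIDTH) != data:
            self.findings.add("zero-width-in-text")
        if not (self.hidden and self.hidden[-1]):
            self.reader_view.append(data.translate(ZERO_WIDTH))

def analyze(html_body):
    parser = BodyViews()
    parser.feed(html_body)
    parser.close()
    return {"filter_view": "".join(parser.filter_view),
            "reader_view": "".join(parser.reader_view), "findings": sorted(parser.findings)}

# Constructed sample body; example.invalid is a placeholder domain.
SAMPLE = ('<p>Your M<span style="font-size:0px">xq</span>icro'
          '<span style="FONT-SIZE: 0">zz</span>soft account</p>'
          '<a href="https://exam&#8204;ple.invalid/reset">Reset</a>')
```

A filter that runs its keyword and URL checks on `reader_view` and on hrefs with the padding removed sees the same "Microsoft" and the same link the recipient does.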

The Security Email

Recipients that take the time to examine the return address will note it’s not from Microsoft, but too many people don’t take even this most basic step.  In this example, a low-level phishing attempt pretends to be from Microsoft security asking you to click to reset your account.  It may let you know that your mailbox is full, there are outgoing emails that are waiting to be sent, or there’s a message you need to examine to make sure it’s not a phishing scheme.  It may look legitimate, but clicking on the link will launch malicious code.

The Financial Email

Another common technique is an email using the recognizable logo of a bank or online financial institution and an official looking email template.  It might ask you to acknowledge a recent deposit or tell you a fraudulent charge has been made and you need to take action.  Clicking might lead you to a look-alike landing page asking for your credentials or launch ransomware or tracking software on your computer.  If you are at work, this may infect your network.

PayPal Phishing Email

Data Breach Prevention

Cisco estimates there are 339 billion emails sent daily.  Of those, fewer than 50 billion are legitimate.  That means that more than 85% of all email is spam.  If you do not protect your email and your network against common malicious email attachments, you are putting your business at risk.

Gmail and Office 365 provide passive email security that detects issues once problems have been detected.  You need a proactive security solution that prevents network and data breaches before they are known.  This includes email and digital fax encryption, network access security, and active IP monitoring to prevent hijacking.

Avoid malicious code and attachments before they are deployed. Contact our security experts today to discuss deploying active security solutions, including data breach prevention, into your organization’s security arsenal.
