Handling Unexpected or Suspicious Email Attachments
This KB Article References: Symantec (No Longer Available)
This Information is Intended for: Instructors, Staff, Students
Created: 08/01/2012 Last Updated: 05/02/2024
Unexpected or suspicious email attachments should never be opened. They may execute a disguised program (malware, adware, spyware, virus, etc.) that could damage or steal your data. If in doubt, call the sender to verify. A good rule of thumb is to only open file attachments if you are expecting them and if they are relevant to the work you are doing.
Signs of a Malicious Attachment
- .exe Files: .exe files are executable files, meaning that they can run a program. While .exe files are not inherently malicious, they can be used to install malware on your computer. There's no reason for an .exe file to be shared via email, so if you receive one, you should delete it.
  - Google has a filter in place that prevents the sending of .exe files
  - .exe files can also be disguised in .zip folders: if you receive an email with a .zip and open the folder to find an .exe, you shouldn't run the file
  - Be careful: some attachments might show the icon for a document, PowerPoint, etc., but they still have the .exe extension
  - Just because a file isn't an .exe doesn't mean it's not malicious: there have been instances of macro viruses that hide themselves inside Office documents
- Unsolicited Email/Strange "From" Field: don't open attachments that you're not expecting, or from users who you don't know (be especially cautious of anyone outside of the @stonybrook.edu domain)
- Strange "To" Field: if the email has a long, alphabetical list of recipients, or if the "To:" field is blank, then the email is probably illegitimate, and the attachment shouldn't be opened
- Vague Subject Line/Body: if the subject line or the body text is vague, then the attachment probably is illegitimate
- Missing Salutation: most legitimate emails have some kind of a salutation
- Poor Grammar/Spelling: legitimate emails are carefully proofread before they're sent out; if the email has a lot of spelling/grammatical errors it's probably not legitimate
- Sense of Urgency: (e.g. "this attachment will expire in 24 hours", "you have an unpaid invoice") most illegitimate emails try to create a sense of urgency so that the recipient will download and run the attachment without carefully looking at it
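The signs above that can be checked mechanically (sender outside @stonybrook.edu, blank "To:" field, .exe attachments, .exe files inside a .zip, macro-capable Office documents) are shown below as an added example that is not part of the original article. The list of macro-enabled extensions, the function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import getaddresses

EXECUTABLE_EXT = (".exe",)                # the extension the article singles out
MACRO_EXT = (".docm", ".xlsm", ".pptm")   # assumption: macro-enabled Office formats
TRUSTED_DOMAIN = "stonybrook.edu"         # domain named in the article

def attachment_flags(raw: bytes) -> list[str]:
    """Return the article's warning signs found in one raw email message."""
    msg = message_from_bytes(raw, policy=policy.default)
    flags = []
    senders = getaddresses([str(msg.get("From", ""))])
    if not any(addr.lower().endswith("@" + TRUSTED_DOMAIN) for _, addr in senders):
        flags.append("sender outside @" + TRUSTED_DOMAIN)
    if not str(msg.get("To", "")).strip():
        flags.append("blank To field")
    for part in msg.iter_attachments():
        # Judge the real filename, not the icon or the first extension shown.
        name = (part.get_filename() or "").strip().lower()
        if name.endswith(EXECUTABLE_EXT):
            flags.append("executable attachment: " + name)
        elif name.endswith(MACRO_EXT):
            flags.append("macro-enabled Office document: " + name)
        elif name.endswith(".zip"):
            data = part.get_payload(decode=True) or b""
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:  # lists names, extracts nothing
                    inner = [n for n in zf.namelist() if n.lower().endswith(EXECUTABLE_EXT)]
            except zipfile.BadZipFile:
                flags.append("unreadable .zip: " + name)
                continue
            flags += [f"executable inside {name}: {n}" for n in inner]
    return flags

def build_sample() -> bytes:
    """Constructed message: outside sender, no To header, disguised .exe, .zip holding an .exe."""
    msg = EmailMessage()
    msg["From"] = "Billing <billing@example.com>"
    msg.set_content("See attached.")
    msg.add_attachment(b"MZ", maintype="application", subtype="octet-stream",
                       filename="invoice.pdf.exe")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("scan/report.exe", b"MZ")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="documents.zip")
    return msg.as_bytes()
```

An empty result only means none of these mechanical signs were found; the remaining signs in the list (vague wording, missing salutation, urgency) still need a human read.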
Still not Sure?
If the email has passed the "tests" above, but you're still not sure, you can scan the file before you open it.
- Download the attachment (do not run it)
- Go to https://www.virustotal.com/
- Click on "Choose File"
- Select the attachment, click "Open"
  - By default, the file you downloaded will be in your "Downloads" folder
- Click "Scan it!"
  - It might take a few minutes to analyze
- Only open files with a detection ratio of 0; anything else is malicious