Handling Unexpected or Suspicious Email Attachments

Audience: Faculty, Staff and Students

This KB Article References:
This Information is Intended for: Faculty, Staff, Students
Last Updated: August 11, 2020
Average Rating: Not Rated
Your feedback is important to us, help us by logging in to rate this article and provide feedback.

Unexpected or suspicious email attachments should never be opened. They may execute a disguised program (malware, adware, spyware, virus, etc.) that could damage or steal your data. If in doubt, call the sender to verify. A good rule of thumb is to only open file attachments if you are expecting them and if they are relevant to the work you are doing.

Signs of a Malicious Attachment

  • .exe Files: .exe files are executable files - meaning that they can run a program; while .exe files are not inherently malicious, they can be used to install malware on your computer; there's no reason for an .exe file to be shared via email, so if you receive one, you should delete it
    • Google has a filter in place that prevents the sending of .exe files
    • .exe files can also be disguised in .zip folders - if you receive an email with a .zip, and open the folder to find an .exe, you shouldn't run the file
    • Be careful, some attachments might show the icon for a document, powerpoint, etc., but they still have the .exe extension
    • Just because a file isn't an .exe, doesn't mean it's not malicious - there have been instances of macro-viruses that hide themselves inside of Office Documents
  • Unsolicited Email/Strange "From" Field: don't open attachments that you're not expecting, or from users who you don't know (be especially cautious of anyone outside of the @stonybrook.edu domain)
  • Strange "To" Field: if the email has a long, alphabetical list of recipients , or if the "To:" field is blank, then the email is probably illegitimate, and the attachment shouldn't be opened
  • Vague Subject Line/Body: if the subject line or the body text is vague, then the attachment probably is illegitimate
  • Missing Salutation: most legitimate emails have some kind of a salutation
  • Poor Grammar/Spelling: legitimate emails are carefully proofread before they're sent out; if the email has a lot of spelling/grammatical errors it's probably not legitimate
  • Sense of Urgency: (i.e. -  "this attachment will expire in 24 hours”, “you have an unpaid invoice") most illiterate emails try and create a sense of urgency so that the recipient will download and run the attachment without carefully looking at it

Still not Sure?

If the email has passed the "tests" above, but you're still not sure, you can scan the file before you open it. 

  1. Download the attachment (Do not run it)
  2. Go to https://www.virustotal.com/
  3. Click on "Choose File"
  4. Select the attachment, click "Open"
    1. By default, the file you downloaded will be in your "Downloads" folder
  5. Click "Scan it!"
  6. It might take a few minutes to analyze
  7. Only open files with a detection ratio of 0, anything else is malicious 

Additional Information

Files & Links

Provide Feedback

Your feedback is important to us, help us by logging in to rate this article and provide feedback.

Sign in with NetID

Getting Help

The Division of Information Technology provides support on all of our services. If you require assistance please submit a support ticket through the IT Service Management system.

Submit A Quick Ticket

Supported By

Customer Engagement and Support