Unsafe Email Attachments

email with attachment clip and colorful fairy lights bokeh in the background shot at shallow depth of field

In addition to using WashU email for work, most people use email in their personal lives, too. You can get an email from your aunt with her stew recipe or an email from your boss about an office party. But what if the email isn’t actually from your aunt or boss? Cybercriminals often pretend to be someone you know to get you to click unsafe attachments, such as fake DOC files or PDF files. Learning how to identify unsafe email attachments and protect yourself is essential. 

Fake DOC Attachments 

Older Microsoft Word DOC files are commonly used in cyberattacks because they can include macros. A macro, short for macroinstruction, is a set of commands that can control a DOC file and other programs. Cybercriminals may send you an email with a DOC file that contains a macro. The email usually looks legitimate and gives an urgent reason for you to open the file. If you open the file, a pop-up window will display, asking you to enable macros. If you accept, the macros will be able to install malware on your device. 

Fake PDF Attachments 

PDF files are sent over email every day, making them perfect tools for cyberattacks. One popular type of attack is when cybercriminals put an image in a PDF file to trick you into clicking it. For example, it could be an image resembling a video with a play button. The image will be something that catches your attention, like a cooking video from social media or a cute cat video. Unfortunately, clicking the image could send you to a website designed to steal your sensitive information. 

What Can I Do to Stay Safe? 

Follow the steps below to stay safe from dangerous email attachments: 

  • If a suspicious email appears to be from someone you know, reach out to the sender using known contact info or in person. Check to see if the email is legitimate before putting yourself at risk.  
  • Avoid DOC files in general. They use an outdated format and contain too many security risks. The newer DOCX format is the current standard and is much safer.  
  • Always think before you click. Cyberattacks are designed to catch you off guard and trick you into clicking impulsively.