Despite the existence of much more advanced attacks, cybercriminals still rely heavily on spam emails. They’re much more sophisticated today than they were in the heyday of Nigerian prince scams, but you can protect yourself by spotting the red flags.
One thing that should always arouse suspicion is an attachment you weren’t expecting. In particular, you should be on the lookout for just five types of files. According to analysis by Helsinki-based security provider F-Secure 85% of all malicious emails have a .DOC, .XLS, .PDF, .ZIP, or .7Z attached.
You probably recognize at least the first three. .DOC and .XLS are Microsoft Word and Excel files. You’re likely opening .PDF files with Adobe Reader. The .ZIP is the most popular way to pack multiple files into a single digital package, while .7z is often used as an alternative.
It’s not all that important that you know what these files are or what program opens them, however. What’s critical is remembering that these are the go-to weapons in a criminal hacker’s email attack arsenal. Seeing a .DOC, .XLS, .PDF, .ZIP, or .7Z “paperclipped” to an email message should always tell you to proceed with extreme caution.
The file might be perfectly harmless. The next step is to check the rest of the email. Does the sender’s email address match up with the name (e.g. firstname.lastname@example.org and Bob Smith)? Is the sender someone you recognize and trust?
Even if you said yes to that last one, those are things an attacker can fake. Take a close look at the subject and the message itself. Are they written the way that person or organization normally writes?
Taking a few extra seconds to ask these questions before clicking could be all it takes to avoid a nasty ransomware or cryptomining malware infection.
Based on F-Secure’s findings, not enough people are doing it. F-Secure pegged the “click rate” — the number of times a would-be victim opened a malicious attachment — at around 13.4%. So far this year the click rate has climbed almost a full point.
14.2% might not seem all that , but consider this. Cisco Talos estimates the daily volume of legitimate email around the globe to be about 52.9 billion messages. Spam volume is nearly six times that at around 307 billion. Not all of that is malicious — some is just unwanted junk — but it gives you a good idea just how much damage those careless clicks can do.