October 21, 2016
1179
Reading the contents of an E-mail should be safe if you have the latest security patches, but E-mail attachments can be harmful.
E-mail phishing scams can trick you into opening attachments or giving up personal information. They appear to be E-mails from people, organizations or companies you know or trust, but they're often the gateway to identity theft by automatically installing malware, viruses, worms, and trojans.
In some instances, E-mail attachments disguised as letters of reference, resumes or information requests, can infiltrate and affect businesses that are involved in legitimate hiring processes. Also known as “spearphishing campaigns”, high-value corporations and governments have been targeted through E-mail attachments to take advantage of previously-unknown security vulnerabilities.
Many E-mail servers will perform virus scanning and remove potentially dangerous attachments, but you can’t rely on this. The easiest way to identify whether a file is dangerous is by its file extension, which tells you the type of file it is. For example, a file with the “.exe” file extension is a Windows program and should not be opened. Many E-mail services will block such attachments. Other file extensions that can run potentially harmful code include: “.msi”, “.bat”, “.com”, “.cmd”, “.hta”, “.scr”, “.pif”, “.reg”, “.js”, “.vbs”, “.wsf”, “.cpl”, “.jar” and more.
In general, you should open only files with commonly-used attachments that you know are safe. For example, “.jpg” and “.png” are image files and should be safe. Document files extensions, such as “.pdf”, “.docx”, “.xlsx”, and “.pptx”, should also be safe — although it’s important to have the latest security patches so malicious types of these files can’t infect systems via security holes in Adobe Reader or Microsoft Office.
“By opening insecure, infected or unencrypted E-mail attachments, you risk injecting a number of information and data security threats into your home or workplace environment," says deputy commissioner Rick BARNUM, OPP Investigations and Organized Crime. "Your personal information and business systems need to be safeguarded and it starts right at your inbox.”
“When it comes to E-mail attachments, you should exercise extreme caution and assume the worst," says superintendent Paul BEESLEY, director – OPP Behavioural, Forensic and Electronic Services. "Don’t actually download or run an attachment unless you have a good reason to do so. If you’re not expecting an attachment, treat it with healthy suspicion.”
If you or a business owner suspects you’ve been a victim of ‘spearphishing’, contact your local police service, the Canadian Anti-Fraud Centre, report it to the OPP on-line at www.opp.ca/index.php?id=132 or through Crime Stoppers at 1-800-222-8477 (TIPS) at www.tipsubmit.com/start.htm
For helpful tips and links during Cyber Security Awareness Month, follow the OPP on Twitter (@OPP_News), Facebook and Instagram and using the hashtags #CyberSecurity, #CyberAware and #OPPTips.
LEARN MORE
Email Risks (courtesy of Public Safety Canada)
Spearphishing: The Risk to Corporate Canada (courtesy of Public Safety Canada)
Get Cyber Safe Guide for Small and Medium Businesses (courtesy of Public Safety Canada)
Get Cyber Safe is a national, multi-jurisdiction, public awareness campaign created to educate Canadians about Internet security and the simple steps they can take to protect themselves online. Visit http://www.getcybersafe.gc.ca/
Related Stories
No related stories.