Skip to main content

MCC Daily Tribune Archive

Why can email attachments be dangerous?


While email attachments are a popular and convenient way to send documents, they are also a common source of viruses. Use caution when opening attachments, even if they appear to have been sent by someone you know.

What steps can you take to protect yourself and others in your address book?

Be wary of unsolicited attachments, even from people you know - Just because an email message looks like it came from your mom, grandma, or boss doesn't mean that it did. Many viruses can "spoof" the return address, making it look like the message came from someone else. If you can, check with the person who supposedly sent the message to make sure it's legitimate before opening any attachments. This includes email messages that appear to be from your ISP or software vendor and claim to include patches or anti-virus software.  Just so you know, ISPs and software vendors do not send patches or software in email.

Keep software up to date - Install software patches so that attackers can't take advantage of known problems or vulnerabilities. For your home PC use the automatic updates.  At work please reboot your PC when new updates are applied.

Trust your instincts - If an email or email attachment seems suspicious, don't open it, even if your anti-virus software indicates that the message is clean. Attackers are constantly releasing new viruses, and the anti-virus software might not have the signature. At the very least, contact the person who supposedly sent the message to make sure it's legitimate before you open the attachment. However, especially in the case of forwards, even messages sent by a legitimate sender might contain a virus. If something about the email or the attachment makes you uncomfortable, there may be a good reason. Don't let your curiosity put your computer at risk.

Save and scan any attachments before opening them - If you have to open an attachment before you can verify the source, take the following steps:

Be sure the signatures in your anti-virus software are up to –this applies to your home PC especially.  At MCC we continue to keep anti-virus signatures up-to-date.

Save the file to your computer or a disk.
Manually scan the file using your anti-virus software.
If the file is clean and doesn't seem suspicious, go ahead and open it.
Note: Both the National Cyber Security Alliance and US-CERT have identified this topic as one of the top tips for home users.

Donna Pogroszewski
MCC Cyber Security Awareness Committee
10/20/2014