How to Tell if an Email Attachment Is Malware


You’ve got mail, and it has an email attachment. You’re quite tempted to open it. But if there’s one thing to learn from all the malicious software (malware) attacks over the last few years, it’s to never open an email attachment without taking the necessary precautions. Here’s how you can identify attachments with malicious intent.

Just Opening an Email is More or Less Safe

You won’t be able to see the email attachment without viewing the accompanying email first. But then, you might be wondering if the act of opening a suspicious email itself could be dangerous. The short answer is no.

In general, nothing harmful happens just by opening an email. Desktop- and Web-based email programs no longer support scripting languages such as JavaScript. Scripts would allow email messages to be more interactive, but they also let cybercriminals insert malicious code and exploit vulnerabilities, which is why support was discontinued. You are further protected by the fact that most email programs block images from unknown sources by default.

So there you have it. It’s okay to open emails if your intent is just to take a peek and see if there’s a legit message for you. By opening an email, you can at least look for warning signs of a phishing attack, which are a dead giveaway of a malicious attachment.


Be Wary of an Email Attachment, Regardless of the Sender

As long as you do not click on suspicious links or open files attached to phishing emails, your computer will not get infected by malware. Unfortunately, the possibility exists that one of your known contacts is the source of a phishing email, and you might assume that the files and links in the email are safe. Don’t be fooled. Hackers are crafty enough to infiltrate the email accounts of innocent people and use these accounts to spread their malware. If you receive a phishing email from someone you know, inform this person about the potential misuse and security breach of their account.

Check the File Extensions

One of the simpler ways to expose a dangerous file attachment is to check its file extension: the period followed by a set of characters at the end of the file name. A “.doc” file extension, for instance, is used for word processing documents.

Files with .aac, .gif, .jpg, .mp3, .mp4, .wav and other file extensions used by various image, audio and video file formats are generally safe to open. Files with .doc, .docx, .pdf, .ppt, .pptx, .xls, .xlsx or other extensions associated with productivity suite applications (such as word processors, spreadsheets and presentation programs) are also generally safe, especially when you’re anticipating these files as part of your schoolwork or job. Do note that document files, especially DOC and PDF files, can be infected to exploit Microsoft Word and Adobe Reader vulnerabilities, so take precautions if you unexpectedly receive such files from unknown senders.

A cybercriminal can make malware look like a harmless music or video file attachment by using a double extension. For instance, a file called “song.mp3.exe” is not really an MP3 music file, but rather an executable file. Because Windows does not show actual file extensions by default, a novice user would only see the file as “song.mp3”. The cybercriminal can add to the deception by changing the icon of the executable file to look like that of a music file. To avoid becoming a victim yourself, watch out for double extensions, especially if the second extension, the only one that matters, refers to an executable file format such as EXE, COM or VBS.
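
The double-extension check described above can be automated for mail you have saved to disk. The following is an added example, not part of the original article: the function names classify and scan_message are hypothetical, the extension sets are taken from the lists in this article, and the sample message is constructed.

```python
from email import message_from_string
from pathlib import PurePosixPath

# Executable extensions named in the article; extend the set for your environment.
EXECUTABLE = {".exe", ".com", ".vbs"}
# Media and document extensions the article lists; these serve as the decoy.
DECOY = {".aac", ".gif", ".jpg", ".mp3", ".mp4", ".wav", ".doc", ".docx",
         ".pdf", ".ppt", ".pptx", ".xls", ".xlsx"}

def classify(filename):
    """Return 'double-extension', 'executable' or 'ok' (no executable suffix)."""
    # Compare in lower case so SONG.MP3.EXE is treated like song.mp3.exe.
    suffixes = PurePosixPath(filename.strip().lower()).suffixes
    if not suffixes or suffixes[-1] not in EXECUTABLE:
        return "ok"  # says nothing about the file's content, only its name
    # Only the last extension decides how the file runs; an earlier one is the lure.
    if any(s in DECOY for s in suffixes[:-1]):
        return "double-extension"
    return "executable"

def scan_message(raw):
    """Map each attachment file name in a raw MIME message to a verdict."""
    msg = message_from_string(raw)
    return {part.get_filename(): classify(part.get_filename())
            for part in msg.walk() if part.get_filename()}

# Constructed sample message (not real mail).
SAMPLE = """\
From: sender@example.com
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="song.mp3.exe"

AAAA
--b1
Content-Type: audio/mpeg
Content-Disposition: attachment; filename="song.mp3"

AAAA
--b1--
"""

if __name__ == "__main__":
    for name, verdict in scan_message(SAMPLE).items():
        print(f"{name}: {verdict}")
```

A verdict of “ok” only means the name does not end in an executable extension; document files still need the malware scan described in the next section.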

Perform a Malware Scan

So you’ve gone ahead and downloaded the file attachment. Before you open it, always scan the file first with an up-to-date antivirus. Consider opening the attachment in another user account on your computer, specifically an account with limited privileges. Many pieces of malware require administrator-level privileges to spread the infection.

As a final reminder, always keep your software updated, including your operating system, email program and Web browser.