The following list of file name extensions lists types of files identified by Microsoft as potentially containing dangerous programs.
Any file received as an email attachment with any of the above extensions should NEVER be opened even if you know the person that sent the file. Unfortunately some email programs don't display file extensions in their default configurations, in particular, Outlook Express. The display of file extensions can be turned on, the method varies slightly depending of the version of Windows, but generally is similar to the following:.
Now you will be able to see all file extensions but the list of dangerous file types is quite long, how do you remember them all? If an attachment does not have one of these safe extensions its best not to open the attachment. Be especially suspicious of any file that has a doubled extension eg. These three basic strategies account for virtually all forms of malicious emails in use today.
Although there are permutations within each of these methodologies, risky emails will, in general, incorporate one or more of these tactics. Cybercriminals combine poisonous links, attachments, and enticements in various ways to develop malicious email campaigns that are, unfortunately, very effective. Learn more about ransomware by reading Ransomware Delivery Mechanisms.
Phishing: Phishing uses psychological manipulation to bait victims into divulging logon data or other sensitive information that criminals sell or use for malicious purposes. A phishing attack usually consists of an authentic-looking sender and a socially engineered message.
Many email recipients believe the message is from a trusted individual and will open infected attachments or click on malicious links. Spear phishing: A more targeted form of phishing, spear phishing consists of a highly customized attack, focused on a specific individual or organization. Cybercriminals will often perform extensive research to make their emails appear legitimate.
For example, criminals will pose as, or mention legitimate colleagues, departments, business partners, or even superiors. Spoofing: Because email protocols lack effective mechanisms for authenticating email addresses, hackers are able to use addresses and domains that are very similar to legitimate ones, deceiving victims into believing that fraudulent emails are from a trusted individual. Man-in-the-Middle Attacks : In these attacks, cybercriminals insert themselves between the user and the application, website, or service the victim is using.
Like most malicious emails, man-in-the-middle attacks are not new. However, in recent years, hackers have found numerous ways to revive this classic attack.
To make matters worse, a variety of inexpensive hacking tools are readily available that help criminals perform man-in-the-middle attacks. This is a type of social engineering scam where an attacker sends an email to someone in the organization that has the ability to execute a financial transaction. Spam: Despite a number of ways to filter out unwanted email, spam remains a significant challenge for organizations. While ordinary spam is simply considered a nuisance, spam is also frequently used to deliver malware.
Malware and viruses can be hidden in files of the following file extensions;. Even Microsoft Office documents. The following image, sound and video formats should be safe though:. If you follow this guide, you should be able to judge if that email attachment is safe. English U. How can I tell if an email attachment is safe and virus free?
When you receive an email with an attachment, before you even think about opening it, you should run through this checklist in your head: Is the email definitely from someone I know and trust? Does the attachment look like something someone I trust would send me?
0コメント