Ask Jack: What E-Mail Attachments Are Red Flags?

By Jack McCalmon, The McCalmon Group, Inc.

August 31, 2023

It seems like I receive a thousand emails a day at work - many with attachments. I know attachments may be malware. Is there any type of attachment that presents a greater risk than another?

Business compromise emails are on the rise, and many have attachments. So, any type of attachment - a .pdf, a .doc or even a .jpeg - can contain malware. Don't select any attachment you are not expecting without performing due diligence, and if you are not sure, then don't select it.

Please note that there has been a spike with malware and third-party applications:

A recent Abnormal report analyzed the increase in email attacks in the first half of 2023. Examining data since 2013, the report identified a massive increase in third-party applications (apps) integrated with email, underscoring the proliferation of an emerging threat vector that cybercriminals are exploiting as they continue to shift their tactics. https://www.securitymagazine.com/articles/99707-business-email-compromise-attacks-outpace-malware

The final takeaway is that all attachments present risk. The riskiest attachment is the attachment you were not expecting and selected without performing due diligence.

Jack McCalmon, Leslie Zieren, and Emily Brodzinski are attorneys with more than 50 years combined experience assisting employers in lowering their risk, including answering questions, like the one above, through the McCalmon Group's Best Practices Help Line. The Best Practice Help Line is a service of The McCalmon Group, Inc. Your organization may have access to The Best Practice Help Line or a similar service from another provider at no cost to you or at a discount. For questions about The Best Practice Help Line or what similar services are available to you via this Platform, call 888.712.7667.

If you have a question that you would like Jack McCalmon, Leslie Zieren, or Emily Brodzinski to consider for this column, please submit it to ask@mccalmon.com. Please note that The McCalmon Group cannot guarantee that your question will be answered. Answers are based on generally accepted risk management best practices. They are not, and should not be considered, legal advice. If you need an answer immediately or desire legal advice, please call your local legal counsel.

 

Finally, your opinion is important to us. Please complete the opinion survey:

News

New Fax Number for Best Practice Help Line

The fax line for Best Practice Help Line consultation requests is now 918-712-5965.

Ask Jack: Can Trusted Agents And Contractors Play An Unknowing Part In E-Mail Compromise Attacks?

Are internal breaches the main concern for email compromise attacks? Jack explains why such attacks go beyond office walls.

Ask Jack: Can Dating Scams Cross Over Into The Workplace?

Scammers are using dating apps to scam money from people looking for love. How can that creep over to employers? Learn why the leap is pretty easy.

Ask Jack: Is Disconnecting From The Internet A Smart Move If You Think You Opened Malware?

Jack explains the value of disconnecting and shutting down if you think you have selected a bad link or opened a questionable attachment.