Attachments in Phishing 101

Please see the attachment 

Hoxhunt analyses real phishing attacks and their attachments to create the best phishing training for you. Based on that, we have created a quick introduction to the most common attachments used in the world of phishing! 

Sometimes emails ask you to open an attachment – “Please verify your account details”, “confirm your payment information”, “check this remittance advice”… All of these are real-life examples from phishing emails, where attackers use attachments as a tool to gain access to your sensitive information.

Opening an attachment in a phishing email can cause malware, for example ransomware, to activate, locking up your computer and encrypting documents to block access. Attachments are also used in attempts to steal your Office 365 or Google’s G Suite account details with a faked login web page. Attackers want your information, and dangerous attachments are a simple way to achieve that. 

 

Log in to view this document 

There is no limit to the variety of attachments attackers use when phishing for your information. Attachments come in many types, from file-encrypting malware (e.g. in a ZIP file) to a simple-looking document (e.g. PDF, DOC). All these attachments share the same goal: to be opened by you.

Malware files are often delivered within messages directing you to download something important or verify the contents of the attachment. Often the attacks are related to financial and sales information, such as purchase orders or unpaid invoices, as these are common in corporate use. Sometimes it could be an urgent voice mail, or an updated employee policy. All fake, of course. 

If you are asked to open Purchase_Order_PDF.zip or to urgently listen to Voice_Mail_Urgent.mp3.7z, stop and report the email according to your email provider’s instructions.
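
As an added illustration (not Hoxhunt's code), this is how a mail filter could flag the naming pattern the two filenames above share: an archive extension hiding behind a document or audio type in the name. The extension lists and function names are assumptions made for this example, and the check does not cover PDF or DOCX lures that carry a login link.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed heuristic lists for this example; not exhaustive.
ARCHIVE_EXTS = {"zip", "7z", "rar", "gz", "iso"}
DECOY_TYPES = {"pdf", "doc", "docx", "xls", "xlsx", "mp3", "wav", "txt"}

def classify_attachment(filename):
    """Return the reasons a filename looks like an archive posing as a document."""
    parts = filename.lower().split(".")
    if len(parts) < 2 or parts[-1] not in ARCHIVE_EXTS:
        return []
    reasons = ["archive"]
    # Voice_Mail_Urgent.mp3.7z: a harmless-looking type sits before the real one.
    if any(ext in DECOY_TYPES for ext in parts[1:-1]):
        reasons.append("double-extension")
    # Purchase_Order_PDF.zip: the name itself claims a document type.
    if set(re.split(r"[^a-z0-9]+", parts[0])) & DECOY_TYPES:
        reasons.append("type-in-name")
    return reasons

def scan_message(raw_bytes):
    """Map each flagged attachment filename in a raw email to its reasons."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename()
        if name and (reasons := classify_attachment(name)):
            findings[name] = reasons
    return findings

def build_sample():
    """Constructed test email using the filenames quoted in this article."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Remittance advice"
    msg.set_content("Please see the attachment.")
    for name in ("Purchase_Order_PDF.zip", "Voice_Mail_Urgent.mp3.7z", "Project_Plan.pdf"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reasons in scan_message(build_sample()).items():
        print(f"{name}: {', '.join(reasons)}")
```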

 

Finance themed phishing attachment asking you to click a button and log in to your online banking account

 

If the attacker wants to steal your username and password, the attachments might ask you to click a link to log in. The link then takes you to a fake website that looks like the real login page. These attachments are often simple and try to make you curious, getting you to click the link and give your login information.  

A common sign of a suspicious PDF attachment is a logo of a well-known service, like Office 365, and a button to sign in to read the document. This means attachments like July_Promotions.docx or Project_Plan.pdf, with a link to a OneDrive or Office 365 login page, are most likely there to steal your account information. Stop, and report the email.

 

“Protected message” phishing attachment urging you to click a button and log in to Office 365

 

Attachment deleted; malware detected 

Attachments are a simple way to sneak dangerous files onto your computer or to get you to log in to a password-stealing website. Technology tries to keep up with the most common dangerous attachments, and various filters and email scanners often do a good job. However, attackers invent new ways to use malicious attachments in phishing emails all the time, and those will pass technical inspection.

Therefore, it’s important to recognise the variety of dangerous email attachments out there, what they ask you to do, and what happens if you open one. This way you can stay safe from the common tricks attackers use in their email attacks. 

Want to learn more about how we teach about phishing attachments at Hoxhunt? Head over to our Knowledge Base or request a demo to hear more.

Stay safe!