How To Protect Yourself From Password-Protected Email Attachments, And Other Malware in Emails.

We’ve all heard don’t click on links in Emails unless you know the person.  But, what you don’t know is, there are several hackers out there pretending to be companies that you do business with trying to get you to click on a link and give them your vital information.

And when you click on a link, it installs disruptive malware on your system. One particularly interesting type of threat is password-protected email attachment malware, which uses macros to drop malicious software onto your computer. Have you received an email with a password-protected attachment? Before you open it, think twice.

How to spot a password-protected email attachment malware.

Usually, the email will say something like:

Good Evening,
My name is Herbert Allen and I have some very important information from Bank of America that you requested.  Please see attached below, the password is 654.

I hope this helps, If you have any questions please don’t hesitate to reach out.

Herbert Allen

When you open the attachment a popup appears for you to put in your password.  The emails usually look fairly legitimate and the attachment is often presented as a common business document, such as a shipping receipt, financial report or resume. When you input the password to decrypt the document, your software will ask if you want to enable content. If you click “enable content”, you’ll also be enabling macros, which can automatically drop malicious software onto your PC.

How to protect yourself against encrypted email attachment malware.

1. Pay Attention

The most important thing you can do to reduce the risk of becoming a victim of encrypted email attachment malware is to pay attention to who is sent you the email. Avoid opening any attachments, unless you know and trust the sender, and remember that the sender’s name and address can be fake and look legitimate.
Some organizations, especially those that handle sensitive data such as financial or legal firms, routinely send password-protected documents to ensure that only the intended recipient accesses its contents. If you are unsure, always call the company that sent the email to verify it actually came from them.

2. Be Careful with Attachments and Hyperlinks.

Never click on attachments or hyperlinks in the body of the email unless you know who it’s from. If you have to open an attachment, make sure the file extension is appropriate (e.g. a picture of your friend’s holiday will not have an extension of EXE or JS file) and carefully inspect the full URL of any link before clicking.  A company will never ask you for your login information via email.

3. Manage your macros

A macro is an automated input sequence that imitates keystrokes or mouse actions. A macro is typically used to replace a repetitive series of keyboard and mouse actions and is common in spreadsheet and word processing applications like MS Excel and MS Word. Macros are automatically disabled in the newer versions of Microsoft Office, so if you keep your software up to date you won’t have to worry about Macros being enabled. Of course, many businesses rely heavily on macros in their day to day operations, which means this may not be a viable option. If you have to use Macros, using a reliable antivirus software, and training staff on the basics of IT security are your best options in reducing the risk of macro malware infections.

4. Update your software

As noted, old versions of Microsoft Office have macros enabled by default. Newer versions disable macros by default and also offer Protected View, a read-only mode that prevents the execution of potentially harmful content, thereby reducing the risk of malware infection. Invest in new software where possible and always apply the latest patches to resolve any security flaws the vendor may have recently resolved. There are reasons you must keep your software updated.

5. Use reliable antivirus software

Last but not least, every computer needs to have a reliable antivirus software installed. Antivirus software protects you from harmful malware and viruses. You can rest assured that you’ll be safely protected, even if you happen to open a harmful email attachment.

If you need help with finding a good antivirus we recommend Emsisoft.  Visit this page to read all about their award-winning software and why we recommend Emsisoft.

Until Next Time,
Megabite