Handle Attachments Safely

Preliminaries

Examine messages and attachments as a whole, not separately. Often the details -- size, name or extension -- as well as the nature of the message will give them away. If something is fishy just delete the message, along with the attachment, and get on with your life.

HTML attachments (filename.htm or filename.html) are a special case. Depending on how the message was composed, and on its size, email clients will show some HTML messages as attachments. Others will be displayed directly with no attachment. Either one can have malicious content though. That's why it's so important to configureyour browser and/or your email client correctly.

Many messages with malicious attachments will appear to come from a legitimate address, or even from someone you know. Be suspicious of any attachment that you were not expecting -- even though it's from someone you know. Be paranoid about attachments from anyone you don't know.

Practical Paranoia

I tried to capture the thinking process that I use to deal with messages and attachments by creating this list of questions. I actually don't go down the list in order, although that's the way to learn the logic. I more or less ask the questions in parallel.I suggest that you try following the steps explicitly a few times to get a feel for how to think about messages and when to open attachments.

Did the person who sent the message struggle with grammar, spelling or punctuation? Yes? Just delete the whole thing -- unless it passes Question 7. below. If not, continue back here at Question 2.
Is there anything inconsistent about the message, who it's from, address it's from, the subject, the kind of attachment, the file name? why would you get such a message, etc.? Yes? Just delete the message, and get on with your life.
Can I live without this attachment, even though I'm curious? Yes? Delete it along with the message.
Is there something here that's so attractive that I'm willing to take a risk? No? Why are you waiting? Delete it, you'll get over it. Yes? Proceed to Question 5.
Does the message appear to come from someone I know? Yes? Well then, it's easy to check with them to see if and why they sent the attachment. If it checks out, skip ahead to Question 7. If it's not from someone you know, proceed to Question 6.
Is the message well written, convincing and reasonable, and do you feel that the attachment is safe enough to risk opening?
You don't know this person from Adam (or Eve as the case may be). Maybe you should go back to Question 3 again. Otherwise, proceed to "handle files safely".
Is everything about the message consistent? Have you received messages like this one before? Same address -- same person -- same or related subject -- same kind of message -- same kind of attachment? Yes? Go on to the next segment.
If the answer to all the questions is no, do not go, you might still want to proceed to some "advice on handle files safely".

<<-- Email-Security Start Page

• map of security section

• know how to avoid trouble
• handling email safety
• handling files safely

• email security start page
• how to read email safely
• how to read webmail safely
• the new face of deception
• malicious email tricks
• the perils of attachments
• malicious attachments
• how phishing works
• bogus email and websites
• reduce spam <> cut hazards
• public PC and WiFi security

"Don't open e-mail attachments from strangers, don't use Outlook, don't put salt in your eye." --Netsurfer Digest, www.netsurf.com