Do not click on the attachment – whatever it is called!

Before you open any attachment you should think about it:

  • Are you expecting an attachment from this sender?
  • Does this sender normally send you attachments like this?
  • If you do not recognise the attachment extension then do not open it.
  • Best practice is NOT TO OPEN any unexpected attachments!
  • It does not take much effort to check with the sender to see if the attachment is legitimate.

Here is an article from SANS Internet Storm Diary showing how bad actors try and encourage you to open their malicious files.

Downloader Disguised as Excel Add-In (XLL) (sans.edu)

We cover this type of social engineering in our Business Email Threat and Social Engineering training course – with practical examples so people have the tools to be flexible when processing their email.

Clive Catton MSc (Cyber Security) – by-line and other articles