As a small business owner, you may be receiving tens of emails (sometimes hundreds) in your in-box every day. You have to be careful while opening your emails – a small neglect on your part can significantly ruin your business – your important files may get deleted, someone might get access to your financial and customer information. I am not trying to scare you off but this is reality. There are many cyber criminals out there looking to make easy money. 95 percent of Americans receive emails with malicious programs while nearly 9 percent opened the attachment infecting their computer (Halon and TNS Global survey).

In this article, we will discuss the common threats that come as email attachments and what precautions you can take.

Common threats as email attachments
Opening a suspicious email attachment can infect your computer with a virus, Trojan horse, botnet and you can even become victim of phishing and hacking.

  • Virus: Virus is one of the common threats that small businesses come across. These malicious programs are mostly sent as email attachments with the intention of either damaging your computer programs or spreading the viruses to the computers in your network for creating problems.

    When such email attachments are opened some programs will get installed in your system. They can do many things – can gain access secretly your sensitive information, wipe out all the files on your hard drive, replicate and spread to USB keys and external hard drives. Sometimes they display unwanted ads.

  • Trojan horse: Trojan horse records all keystrokes you enter in your system. That is how it gains unauthorized access to your organization’s financial information, customer information; disrupts the performance of your computer; deletes or modifies your data, etc. Cyber criminals can even notice you through web cam.
  • Phishing: Phishing emails look legitimate and appear as if they came from known sources like businesses, banks, government agencies, friends, relatives, major online retailers, social networking sites, etc. They motivate you to download HTML form and sometimes motivate you to click the links in the email.

    These emails come with subject lines like “update your information” or confirm your user-name and password” and sometimes state the consequences if you don’t verify your details.

    Phishers generally attach html form to the mail. When you open such attachments, the form asks you to fill your credentials. These attachments are less likely to be blocked by anti-phishing mechanisms, because the form is stored locally.

    Sometimes you will be asked to click on the link provided that leads to the phisher site that site looks genuine and they motivate you to enter details of your accounts. The phishers gather your information based on your inputs and use this information to gain access to your account with a bank etc. to misuse it.

    • Legitimate PayPal URL looks like:
      legitimateurl
    • Disguised URL from the phishing email:
      Disguised url

    These phishing links are constructed in such a way that looks like it goes to PayPal.com, but it leads to the phishing site. You can see the difference instead of forward slashes – there are dots in the URL and also you can see in the URL – instead of https it is http. (Note: HTTPS in the URL signifies your information is secure. Legitimate sites will only able to get this security certificate)

  • Botnet: Botnets are generally a group of computer networks that are remotely controlled by cyber criminals over the Internet in an effort to perform automated tasks without your knowledge. These email attachments contain viruses, spyware with botnet code. When they are installed in your computer. The creator of malware takes control over your system, your Internet browsers and monitors your keystrokes. They sometimes use your email account to send thousands of spam emails and involve in click fraud.
  • Hacking: Typically hacking targets a specific person. Hackers are very smart they send emails with convincing subject line, attached with a virus. Sometimes, they send emails from your friends’ or business partners’ account (the one which they already hacked). When such attachments are installed, they gain access to your system without your knowledge. Once the hacker gains access to your system, they look for information to steal your financial accounts, trade secrets, client details or your intellectual property.

Precautions to take

  • Update your operating system or enable ‘automatic update’
  • Install anti-virus and anti-spyware software in your system. Because this will inspect all files in your computer as well as your attachment files for viruses and spywares. Whenever they find any infection, they will remove it or immediately alert you
  • Back up all important files on your computer
  • Install and maintain a firewall on your computer – configure it. This will alert you whenever a program or process is attempting to access your system
  • Use attachment filters that will block certain file names or extensions
  • When you are not using your system, shut it down
  • Disable settings in your email program that automatically download the attachments


Precautions to take while opening email attachments

  • Don’t click, open, save or run any email attachments that you suspect
  • Be cautious about the executable files that end with the extensions such as .exe, .vbs, .lnk, .pif, .scr, .bat and so on
  • If you think the file is legitimate, check the contact details whether they are matching with the original source
  • Don’t give personal or sensitive information by email. Remember, no legitimate source will ask for information through emails

Small businesses are common target of cyber criminals as they often give least attention to this kind of matters. Use your emails sensibly and safeguard your business.