Many people use email in their personal life and their workplace. You can get an email from your aunt with her stew recipe or an email from your boss with a guest list for the office party. But what if the email isn’t actually from your aunt or boss? Cybercriminals often pretend to be someone you know to get you to click unsafe attachments, such as fake DOC files or PDF files. Some of the most common attachments used for attacks are DOC files and PDF files. It’s important to learn how to identify unsafe email attachments and protect yourself.

Fake DOC Attachments

Older Microsoft Word DOC files are commonly used in cyberattacks because they can include macros. A macro, short for macroinstruction, is a set of commands that can control a DOC file and other programs. Cybercriminals may send you an email with a DOC file that contains a macro. The email usually looks legitimate and gives an urgent reason for you to open the file. If you open the file, a pop-up window will display asking you to enable macros. If you accept, the macros will be able to install malware on your device.

Fake PDF Attachments

PDF files are sent over email every day, making them perfect tools for cyberattacks. One popular type of attack is when cybercriminals put an image in a PDF file to trick you into clicking it. For example, it could be an image that looks like a video with a play button. The image will be something that catches your attention, like a cooking video from social media or a cute cat video. Unfortunately, clicking the image could send you to a website designed to steal your sensitive information.

What Can I Do To Stay Safe?

Follow the steps below to stay safe from dangerous email attachments:

  • If a suspicious email appears to be from someone you know, contact them over the phone or in person. Check to see if the email
    is legitimate before putting yourself at risk.
  • Avoid DOC files in general. They use an outdated format and contain too many security risks. The newer DOCX format is the current standard and is much safer.
  • Always think before you click. Cyberattacks are designed to catch you off guard and trick you into clicking impulsively.

Meet the Cyber Monsters!

TRUE NORTH FEDERAL CREDIT UNION CYBERSECURITY MONSTERS

Count Hackula
Whether by brute force or the charm of social engineering, Count Hackula is desperate to drain your networks of vital personal identifiable information (PII). Ensure your systems are safe from this monster with secure passwords and employees who know enough to see past Count Hackula’s mesmerizing gaze.

TRUE NORTH FEDERAL CREDIT UNION CYBERSECURITY MONSTERS

Spoofy Steve
Wrapped in ancient layers of digital cloth, Spoofy Steve hides his scammy intentions from all but the most insightful of employees. Use well-honed social-engineering-spotting skills to avoid his tricks as he pretends to be a coworker or supervisor asking for sensitive information.

TRUE NORTH FEDERAL CREDIT UNION CYBERSECURITY MONSTERS

Breachatrix le Phish
This sister of the night has her evil eye set on the most valuable of targets; C-suite and finance managers beware! Breachatrix le Phish will swoop in to cast her spear phishing spells to steal secrets and treasure but can be warded off with a resilient security culture in your organization.

TRUE NORTH FEDERAL CREDIT UNION CYBERSECURITY MONSTERS

Ransomwolf
Lurking in that innocent-looking file attachment you just downloaded, Ransomwolf is ready to gobble up all your important files, bounding from folder to folder through the forest of your network. Unlike other werewolves, Ransomwolf is invulnerable to “silver bullets.” Organizations need both regular backups and a well-trained employee base to keep this monster at bay. Don’t wait until this monster turns into something worse!

TRUE NORTH FEDERAL CREDIT UNION CYBERSECURITY MONSTERS

Frankenphisher
Frankenphisher is stitched together from all the most dangerous pieces of phishing emails; compromised links, malicious attachments, you name it! Before he gets a chance to bust down the door of your network, make sure your people know what makes a phishy email phishy.