Trends in Malicious Attachments Used in Phishing Emails

Stu Sjouwerman | Oct 14, 2020

People need to be familiar with the types of malicious attachments used in phishing emails, according to Lawrence Abrams at BleepingComputer. One of the most common methods of installing malware is via macros (small pieces of code) embedded in Microsoft Office documents. Macros are disabled by default for security reasons, so attackers craft documents that trick users into enabling them.

Different commodity malware strains tend to use different techniques to convince people to enable macros. Threat actors using the Dridex Trojan, for example, frequently use documents that have very small or hard-to-read content, with a large banner telling the user to click “Enable content” in order to view the content clearly. Emotet, on the other hand, is often distributed via documents that display an error informing the user that they need to enable content to gain access to the document.

The BazarLoader malware is often spread via phishing emails that contain a link to Google Docs or Google Sheets. If a user clicks the link, they’ll be asked to download what appears to be a Word document. This is actually an executable file that installs the malware directly.

These techniques aren’t exclusive to these strains of malware, but users can protect themselves as long as they know they should never click “Enable content” in an Office document.

While the use of macro-laden Office documents is extremely widespread and effective, Lawrence adds that attackers can also use files that execute automatically when they’re opened.

“Finally, you should never open attachments that end with the .vbs, .js, .exe, .ps1, .jar, .bat, .com, or .scr extensions as they can all be used to execute commands on a computer,” Abrams says. “As most email services, including Office and Gmail, block ‘executable’ attachments, malware distributors will send them in password-protected archives and include the password in the email. This technique allows the executable attachment to bypass email security gateways and reach the intended recipient.”
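The three patterns above (macro-enabled Office documents, bare executable extensions, and executables wrapped in a password-protected archive) can all be recognised from attachment metadata alone, without running anything. The following is an added example written for this post, not code from BleepingComputer or KnowBe4: it assumes an inspection point that has each attachment's filename and raw bytes (a mail gateway plug-in, a quarantine script), checks the extension list quoted above, looks inside OOXML containers for the `vbaProject.bin` part that holds VBA macros, and flags ZIP members whose "encrypted" header bit is set, since those cannot be scanned and are exactly the gateway-bypass technique Abrams describes. The samples are constructed inline; `mark_encrypted` only flips the ZIP header flag so the archive looks password-protected to a scanner, it does not encrypt anything.

```python
import io
import zipfile

# Extensions quoted in the post as able to execute commands on a computer.
EXECUTABLE_EXTENSIONS = {".vbs", ".js", ".exe", ".ps1", ".jar", ".bat", ".com", ".scr"}
# Office container formats. OOXML variants (.docx/.docm/.xlsm/...) are ZIP files;
# a "vbaProject.bin" part inside one is the embedded VBA macro project.
OFFICE_EXTENSIONS = {".doc", ".docm", ".dotm", ".docx",
                     ".xls", ".xlsm", ".xlsb", ".xlsx",
                     ".ppt", ".pptm", ".pptx"}
ARCHIVE_EXTENSIONS = {".zip"}
ENCRYPTED_FLAG = 0x0001  # general-purpose bit 0 in ZIP local/central headers


def extension_of(name: str) -> str:
    dot = name.rfind(".")
    return name[dot:].lower() if dot >= 0 else ""


def has_vba_project(data: bytes) -> bool:
    """True if an OOXML document (a ZIP) carries a vbaProject.bin part, i.e. macros."""
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return False
    with zipfile.ZipFile(buf) as zf:
        return any(info.filename.endswith("vbaProject.bin") for info in zf.infolist())


def inspect_archive(archive_name: str, data: bytes) -> list[str]:
    """Inspect member names and encryption flags; never extract encrypted members."""
    findings = []
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return [f"{archive_name}: not a readable ZIP archive"]
    with zipfile.ZipFile(buf) as zf:
        for info in zf.infolist():
            encrypted = bool(info.flag_bits & ENCRYPTED_FLAG)
            ext = extension_of(info.filename)
            if ext in EXECUTABLE_EXTENSIONS:
                if encrypted:
                    findings.append(f"{archive_name}: password-protected archive hides executable {info.filename}")
                else:
                    findings.append(f"{archive_name}: archive contains executable {info.filename}")
            elif ext in OFFICE_EXTENSIONS and not encrypted and has_vba_project(zf.read(info)):
                findings.append(f"{archive_name}: archive contains macro-enabled document {info.filename}")
            elif encrypted:
                findings.append(f"{archive_name}: password-protected member {info.filename} cannot be inspected")
    return findings


def assess_attachment(name: str, data: bytes) -> list[str]:
    """Return findings for one attachment; an empty list means nothing was flagged."""
    findings = []
    ext = extension_of(name)
    if ext in EXECUTABLE_EXTENSIONS:
        findings.append(f"executable attachment: {name}")
    if ext in OFFICE_EXTENSIONS and has_vba_project(data):
        findings.append(f"Office document with embedded VBA macros: {name}")
    if ext in ARCHIVE_EXTENSIONS:
        findings.extend(inspect_archive(name, data))
    return findings


# --- constructed samples (not real malware) ---------------------------------
def build_zip(entries: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member, content in entries.items():
            zf.writestr(member, content)
    return buf.getvalue()


def mark_encrypted(zip_bytes: bytes) -> bytes:
    """Set the 'encrypted' flag bit on every local (offset 6) and central (offset 8)
    header so the sample presents like a password-protected archive to a scanner."""
    b = bytearray(zip_bytes)
    for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        i = b.find(sig)
        while i != -1:
            b[i + off] |= ENCRYPTED_FLAG
            i = b.find(sig, i + 1)
    return bytes(b)


SAMPLE_DOCM = build_zip({"[Content_Types].xml": b"<Types/>",
                         "word/document.xml": b"<w:document/>",
                         "word/vbaProject.bin": b"\xd0\xcf\x11\xe0 placeholder"})
SAMPLE_DOCX = build_zip({"[Content_Types].xml": b"<Types/>",
                         "word/document.xml": b"<w:document/>"})
SAMPLE_PROTECTED_ZIP = mark_encrypted(build_zip({"Invoice.exe": b"MZ not-a-real-binary"}))


def demo() -> dict:
    samples = [("quarterly_report.docm", SAMPLE_DOCM), ("notes.docx", SAMPLE_DOCX),
               ("invoice.zip", SAMPLE_PROTECTED_ZIP), ("setup.scr", b"MZ")]
    return {name: assess_attachment(name, data) for name, data in samples}


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, "->", findings or ["clean"])
```

The encrypted-member branch is the important one operationally: a scanner that tries to open the member will fail, so the policy decision has to be made on the header flag and filename alone, which is why a password-protected archive carrying an executable name is treated as a finding in itself rather than as "unknown".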

New-school security awareness training can enable your employees to protect themselves against these threats.

BleepingComputer has the story.
