As always, you must be suspicious of all email attachments, because attackers are finding new ways to get around email security filters. The latest attack includes Microsoft Office attachments containing hyperlinks to dangerous websites.
If you unknowingly download one of these attachments and click on a link from within the document, you will be brought to a malicious website that steals your sensitive information. This particular attack is usually carried out with Microsoft Word attachments, but dangerous links are certainly not limited to files with .docx file extensions. This attack could occur with almost any file type.
Oftentimes you can spot a scam quickly by just looking at the body of the email. Look for typos, other incorrect info, or (if it’s supposedly from someone you know) in a tone that’s inconsistent with the way that person would normally write.
Always remember the following to prevent this type of attack from happening to you:
- Never open attachments from people you don’t know.
- Don’t open any attachment unless you have asked for it, or have verified with the sender that it’s legitimate. Call, text or send them a separate email to confirm that the attachment is valid before you open it.
- Check out the email’s subject line because it’s probably something written specifically to incite you to action (i.e. “Account Update Required”, “Payment Overdue”, “Account Deactivated”, “Avoid Service Interruption”, “Important Message”).
- Before clicking any link within an email or an email attachment, hover your mouse over the link to see where it would take you.