Hey, I need help getting started with my loan and heard you guys had the best rates. I attached all the necessary documentation and because I'm trying to close on the home soon, it'd be great if you could look these over ASAP and get back to me today. Thanks!
You just received an email with several attachments. Slow down and think things through. How do you know if it's legit?
Do you recognize this sender? Are you expecting an email from them?
Correct: While this could be a new customer, it's important to be even more careful when opening attachments from people you don't know.
Incorrect: While this could be a new customer, it's important to be even more careful when opening attachments from people you don't know.
Attackers will often try to pique your curiosity with offers that are too good to be true, a sense of urgency, flattery, or other suspicious wording. Is this email suspicious?
Correct: While the sender could be genuine, it's important to be more cautious when you see these signs.
Incorrect: While the sender could be genuine, it's important to be more cautious when you see these signs.
Check the file extensions. Don't download and run executable programs in attachments. Do these attachments look like real documents, or executable files (.exe)?
Correct: Although these files are not applications, attackers can still embed code in Microsoft Office documents, which we'll show you how to protect against.
Incorrect: .docx and .xlsx are common Microsoft Office document extensions. Although these files are not applications, attackers can still embed code in Microsoft Office documents, which we'll show you how to protect against.
If you have any suspicion regarding the email, sender, or content, do not open any attachments and contact your friendly neighborhood IT department.
Simply opening the Office document is enough to compromise your computer. If you do open the document, there are a few risks to be particularly aware of.
By default, Microsoft Office applications will open downloaded files in Protected View. If you don't need to edit the file, then don't enable editing!
Unless it's an internal document, you should never have to enable macros. Hackers can write code exploits into macros that run when enabled.
Professional companies and individuals are not going to put programs or files into Microsoft Office documents like this. Hackers are. Don't open up programs in Microsoft Office documents.
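An added example, not part of the original training: the extension, macro and embedded-file checks described above, done by a script (for instance at a mail gateway or on an analyst's workstation) instead of by eye. The extension lists, finding names and sample files are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePath

# Assumed lists for this sketch; extend them to match local policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".msi"}
OOXML_EXTS = {".docx", ".xlsx", ".pptx", ".docm", ".xlsm", ".pptm"}

def triage_attachment(filename: str, data: bytes) -> list[str]:
    """Return findings for one attachment; an empty list means nothing was flagged."""
    findings = []
    suffixes = [s.lower() for s in PurePath(filename).suffixes]
    ext = suffixes[-1] if suffixes else ""
    if ext in EXECUTABLE_EXTS:
        findings.append("executable-extension")
        # "Loan.docx.exe" displays as "Loan.docx" when known extensions are hidden
        if len(suffixes) > 1 and suffixes[-2] in OOXML_EXTS:
            findings.append("document-name-hides-executable")
        return findings
    if ext in OOXML_EXTS:
        # Modern Office files are zip containers; anything else is mislabelled
        if not zipfile.is_zipfile(io.BytesIO(data)):
            return ["not-a-real-ooxml-container"]
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = [n.lower() for n in z.namelist()]
        # VBA macros are stored in a part named vbaProject.bin
        if any(n.endswith("vbaproject.bin") for n in names):
            findings.append("contains-vba-macros")
        # Embedded programs and files are stored under an embeddings/ folder
        if any("/embeddings/" in n for n in names):
            findings.append("contains-embedded-object")
    return findings

def build_sample(parts: dict[str, bytes]) -> bytes:
    """Build a minimal zip standing in for an Office file (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in parts.items():
            z.writestr(name, body)
    return buf.getvalue()

if __name__ == "__main__":
    clean = build_sample({"word/document.xml": b"<w:document/>"})
    risky = build_sample({"word/document.xml": b"<w:document/>",
                          "word/vbaProject.bin": b"\x00",
                          "word/embeddings/oleObject1.bin": b"\x00"})
    for name, data in [("JohnResume.docx", clean), ("Loan.docx", risky),
                       ("Loan.docx.exe", b"MZ")]:
        print(name, triage_attachment(name, data))
```

An empty result only means none of these specific signs were present; it does not replace Protected View or the sender checks above.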
For the next few slides, imagine that you are trying to hire a new employee for your team. As part of this process, you have asked candidates to send you an email with their resume attached. Let's walk through this process together, and look at things from a security standpoint!
Hey! I heard you guys were hiring, and I would love a chance to speak with you about this exciting opportunity! I have attached my resume to this email.
--John Baker
Here's an email from a potential candidate. After ensuring that the attachment type is legitimate (e.g. .xlsx, .docx), go ahead and click on the attachment.
Do you really want to download this file?
*Since we ARE expecting this email, and the extension looks legitimate (.docx), let's go ahead and download it. (NOTE: No files will actually be downloaded to your computer during this simulation).
JohnResume.docx
Now that we've downloaded the Microsoft Word file (.docx), let's go ahead and double-click it to open it up.
Great job! Now we can safely review this applicant's resume, and continue on with our day.
*Since we only need to read this applicant's resume, and not edit it, let's stay in Protected View! (don't "Enable Editing"!)
Since we don't quite know yet if we can trust the email sender, it's safer to not enable content/macros.