Attachments in Phishing 101

Post hero image

Table of contents

See Hoxhunt in action
Drastically improve your security awareness & phishing training metrics while automating the training lifecycle.
Get a Demo

Hoxhunt analyses real phishing attacks and their attachments to create the best phishing training for you. Based on that, we have created a quick introduction to the most common attachments used in the world of phishing. Sometimes in emails, attackers ask you to open an attachment. The text could say something like “Please verify your account details”, “Confirm your payment information”, or “Check this remittance advice”, to name a few.  All of these are real-life examples from phishing emails where attachments are used as a tool by the attackers to gain access to your sensitive information.

Opening an attachment in a phishing email can spread malware. For example, ransomware, to activate locking up your computer and encrypting documents to block access. Attachments are also used in attempts to steal your Office 365 or Google’s G Suite account details with a fake login web page. Attackers want to steal your information, and dangerous attachments are a simple way to achieve that.

'Log in to view this document'

There is no limit to the variety of attachments attackers use when phishing for your information. Attachments come in many types - From file-encrypting malware files (e.g. in a ZIP file) to a simple-looking document (e.g. PDF, DOC). All these attachments share the same goal: to be opened by you.  If you want to see how this works in real life, we have created a video tutorial in which attackers would use a PDF file claiming it's a Google Play Store gift card to steal the victims' passwords. Click here to watch the video and read the explanation of what and how happened.

Malware files are often delivered within messages directing you to download something important or verify the contents of the attachment. Often the attacks are related to financial and sales information, such as purchase orders or unpaid invoices, as these are common in corporate use. Sometimes it could be an urgent voice mail or an updated employee policy. All fake, of course. If you are asked to open Purchase_Order_PDF.zip or to urgently listen to Voice_Mail_Urgent.mp3.7z, you should stop. Report the email according to your email provider’s instructions or your employer's guidelines.

finance themes phishing attachment

Finance themed phishing attachment asking you to click a button and log in to your online banking account

Attachments to steal your password

If the attacker wants to steal your username and password, the attachments might ask you to click a link to log in. The link then takes you to a fake website that looks like the real login page. These attachments are often simple and try to make you curious, getting you to click the link and give your login information.  A common sign of a suspicious PDF attachment is a logo of a well-known service, like Office 365, and a button to sign in to read the document. This means attachments like July_Promotions.docx or Project_Plan.pdf, with a link to OneDrive or Office 365 login page, are most likely there to steal your account information. Stop, and report the email.

“Protected message” -phishing attachment urging you to click a button and log in to Office 365
“Protected message” -phishing attachment urging you to click a button and log in to Office 365

Attachment deleted; malware detected

Attachments are a simple way to sneak dangerous files into your computer or try to get you to log in to a password-stealing website. Technology tries to keep up with the most common dangerous attachments. Various filters and email scanners often do a good job. However, attackers invent new ways to use malicious attachments in phishing emails all the time, and many those will pass technical inspection.  Therefore, it’s important to recognize the variety of dangerous email attachments out there, what they ask you to do, and what happens if you open one. This way you can stay safe from the common tricks attackers use in their email attacks. Want to learn more about how we teach about phishing attachments at Hoxhunt? Head out to our Knowledge Base or request a demo to hear more. Stay safe!

How to Recognize and Avoid Phishing Attacks

Learn the basics of phishing

Want to learn more?
Be sure to check out these articles recommended by the author:
Get more cybersecurity insights like this