
Tip 7: Don’t Open Unexpected Attachments – Even from People You Know
May 5, 2026
Unexpected attachments are one of the most reliable ways hackers deliver malware – and they often come from contacts you already trust.
What to do:
- If you receive an attachment you weren’t expecting, don’t open it – even if it looks like a normal document.
- Send the person a quick message through a different channel, or call them, to confirm they sent it. Do not reply in the same email thread: if their account is compromised, the attacker controls that thread too.
- Be especially skeptical of ZIP files, executables (.exe), and Word or Excel files asking you to “enable macros.”
Common mistake: A vendor’s email account gets compromised. The attacker uses it to send everyone in that vendor’s contact list an email with a malicious attachment – for example, an “invoice” or “updated contract.” The email looks completely real because it comes from a real address belonging to a real person you’ve worked with.
Nothing about it raises a red flag until you open the file. A quick text or phone call to verify would have caught it entirely.
The attachment isn’t the vulnerability – the assumption that it’s safe is.
How to know it’s done:
- Employees know to verify unexpected attachments out-of-band before opening them
- This habit is practiced, not just understood in theory