Think before you click: Unsafe email attachments

Image of a scary Halloween character from Frankenstein

May people use email in their personal life and their workplace. You can get an email from your aunt with her stew recipe or an email from your manager with a guest list for the office party. But what if the email isn’t actually from your aunt of manager? Cybercriminals often pretend to be someone you know to get you to click unsafe attachments, such as fake .doc or .pdf files, which are some of the most common attachments used for attacks. It’s important to learn how to protect yourself.

Fake DOC and PDF attachments

Older Microsoft Word .doc files are commonly used in cyberattacks because they can include macros. A macro, short for macroinstruction, is a set of commands that can control a .doc file and other programs. If you open the illegitimate file, a pop-up window will display asking you to enable macros. If you accept, the macros will be able to install malware on your device.

PDF files are sent over email every day, making them perfect tools for cyberattacks. One popular type of attack is when an image is put in a PDF file to trick you into clicking it (for example, a video play button). Unfortunately, clicking the image could send you to a website designed to steal your sensitive information.

Fake QR codes

QR codes sent over email have recently been used as a cyberattack tool. These emails are designed to trick you into scanning a non-legitimate QR code that takes you to a malicious website created to install malware, steal personal information and login credentials, or gain access to sensitive company data.

What you can do to stay safe

Follow the steps below to stay safe from dangerous email attachments:

If a suspicious email appears to be from someone you know, contact them over the phone or in person. Check to see if the email is legitimate before putting yourself at risk.
Never click or scan a QR code in an email.
Avoid .doc files in general. They use an outdated format and contain too many security risks. The newer .docx format is the current standard and is much safer.
Always think before you click. Cyberattacks are designed to catch you off guard and trick you into clicking impulsively.
Read this article to learn more about how to recognize and avoid phishing attacks
Enroll in OC's Cybersecurity Awareness training. Complete the training by Oct. 31, 2023, for a chance to win a $50 gift card to the OC Campus Store.

Learn more at okanagan.bc.ca/it-security.

Adapted from KnowBe4.com

Published: Oct. 23, 2023

Programs & courses Programs & courses

Areas of study Areas of study

Related links Related links

Become a student Become a student

Enrolment support Enrolment support

Experience OC Experience OC

Starting out Starting out

Services for students Services for students

Important resources Important resources

Become a student Become a student

Getting settled Getting settled

Support and services Support and services

Quick links Quick links

Our campuses Our campuses

Visitor information Visitor information

Centres Centres

Who we are Who we are

Initiatives Initiatives

Work here Work here

Related links Related links

Support OC Support OC