Paubox blog: HIPAA compliant email made easy

5 email attachment security best practices

Written by Sara Uzer | May 16, 2022

Often disguised as a word document, PDF, or other type of file, malicious email attachments are designed to carry out attacks on victims' computer systems. Once opened, these dangerous attachments can install malware, destroy data, or give cybercriminals access to sensitive information.

To protect your organization from this ongoing threat, it's crucial to know what to look for and put the right measures in place. Keep reading to learn about some email security best practices to keep top-of-mind and how to stay proactive with a HIPAA compliant email provider.

5 email attachment security best practices

  1. Watch out for dangerous file formats

  2. Pay careful attention to the sender

  3. Pause at poor language or odd requests

  4. Don't open unexpected attachments right away

  5. Update your system and settings

1. Watch out for dangerous file formats.

Executables are one of the most popular types of malware. This means .exe files in an unsolicited email should always be treated with suspicion. Compressed files are another common hiding spot for malware. Therefore, it's wise to steer clear of clicking any zip, .rar, .r09, or .arc attachments unless you're fully clear on the purpose behind them. Despite their legitimate uses in a business setting, attachments with macros can also be harmful.

Approach attachments with an “m” at the end, such as .docm or .xlsm, with extra caution. Some attackers may even take additional steps to conceal malicious files. Be wary of long file names and double extensions, such as image.gif.exe.

 

2. Pay careful attention to the sender.

When you receive an email with an unsolicited attachment, consider the sender. Is the message from someone within your organization or another individual you trust? The FBI warns to never open an email attachment from someone you don’t know. If the email appears to be from someone you do know, look for small inconsistencies.

Cybercriminals often alter email display names to make the message look like it’s coming from a trusted source. Therefore, it's best to check both the name and email address field. An email address may also look authentic at first glance, but closer inspection can reveal a few missing or swapped letters.

It's also smart to keep an eye out for discrepancies between the email address and domain name. These are all signs to avoid opening the attachment and to delete the email altogether.

 

3. Pause at poor language or odd requests.

Cybercriminals frequently attempt to scare victims into opening malicious email attachments by creating a sense of urgency. For instance, email attachment scams may mention an issue with your account or an overdue invoice and direct you to an attached file.

However, keep in mind that reputable organizations will never ask for sensitive information over email, such as passwords or or credit card information. A poorly written email with spelling and grammar mistakes is one of the more obvious signs of a malicious email. A generic greeting like “valued customer” can also be a tip-off, as credible organizations will address recipients by name.

 

4. Don’t open unexpected attachments right away.

If the sender and message appears legitimate but you still have your doubts, it's always best to trust your gut. Email accounts can be compromised and the sender might be distributing a virus to everyone in their address book.

If you're unclear on the safety of an email attachment, scan it through your antivirus app first. A good rule of thumb is to only open email attachments that are expected. If the message seems suspicious, it's okay to reach out to the sender for clarification.

 

5. Update your systems and settings. 

For additional protection from malicious email attachments, The Cybersecurity & Infrastructure Security Agency (CISA) recommends ensuring that your operating system and antivirus software is up to date and installing software patches. This way, attackers can't exploit known vulnerabilities.

It's also a good idea to enable automatic updates, if your operating system offers this option.

In addition, CISA suggests disabling the option to automatically download attachments. Since some viruses need "administrator" privileges to infect a system, you may consider reading your email on an account with restricted privileges.

 

Stay proactive with HIPAA compliant email 

Following the right email security measures can prevent the chance of falling victim to malicious email attachments and other threats. However, human error is ultimately inevitable. That’s why healthcare providers should take further steps to safeguard sensitive information with a stronger inbound email security strategy.

Along with enabling HIPAA complaint email by default, Paubox Email Suite’s Plus and Premium plan levels include robust inbound email security tools for additional protection. These help prevent malicious emails from reaching the inbox in the first place. Our patent-pending Zero Trust Email feature uses email AI to confirm that an email is authentic. Additionally, our patented ExecProtect solution quickly intercepts display name spoofing attempts right off the bat.