The OPP are warning of the dangers of viruses, worms and trogans as part of their Cyber Security Awareness Month campaign.
“When it comes to email attachments, you should exercise extreme caution and assume the worst,” stated Supt. Paul Beesley, director of the behavioural, forensic and electronic services branch of the OPP. “Don’t actually download or run an attachment unless you have a good reason to do so. If you’re not expecting an attachment, treat it with healthy suspicion.”
According to an Oct. 22 OPP press release, reading the contents of an email should be safe if you have the latest security patches, but email attachments can be harmful.
“Email phishing scams can trick you into opening attachments or giving up personal information. They appear to be emails from people, organizations or companies you know or trust, but they’re often the gateway to identity theft by automatically installing malware, viruses, worms, and Trojans,” stated the release.
Email attachments are often disguised as letters of reference, resumes or information requests that can infiltrate and affect businesses involved in legitimate hiring processes.
“Insecure, infected or unencrypted email attachments can risk injecting a number of information and data security threats to your home or workplace environments,” said deputy commissioner Rick Barnum of the OPP investigations and organized crime branch. “Your personal information and business systems need to be safeguarded and it starts right at your inbox.”
According to the OPP these are often referred to as ‘spearphishing campaigns’ and high-value corporations and governments have been targeted through email attachments to take advantage of previously unknown security vulnerabilities.
Many email servers will perform virus scanning and remove potentially dangerous attachments, but you can’t rely on this. The easiest way to identify whether a file is dangerous is by its file extension, which tells you the type of file it is. A file with the .exe file extension is a Windows program and should not be opened. Many email services will block such attachments. Other file extensions that can run potentially harmful code include .msi, .bat, .com, .cmd, .hta, .scr, .pif, .reg, .js, .vbs, .wsf, .cpl, .jar and more.
Police advice that generally it is best to only open files with commonly used attachments known to be safe. For example, .jpg and .png are image files and should be safe. Document files extensions such as .pdf, .docx, .xlsx, and .pptx and should also be safe.
“Although it’s important to have the latest security patches so malicious types of these files can’t infect systems via security holes in Adobe Reader or Microsoft Office,” stated the release.
If you or a business suspects they’ve been a victim of ‘spearfishing’, contact your local police service, the Canadian Anti-Fraud Centre, report it to the OPP online at opp.ca, through Crime Stoppers at 1-800-222-8477 (TIPS) or tipsubmit.com.