My policy on email attachments

Print Friendly, PDF & Email

I find it pretty amazing that even after all this time, and all the alerts and warnings, and all the bad things that have happened…the scammers are still able to trick people into opening email attachments. If you follow my guideline about this, you won’t ever have a problem.

email attachments


There are several ways for your computer to get infected with a virus or malware. But do you know what the #1 most common method still is? Email attachments.

Yes, here we are in 2019, when you’d think everyone in the world knows that a virus can come in via a file attached to an email, and we still see that method of delivery as the most successful one for the scammers and hackers to infect someone’s computer.

As a computer tech, I talk to clients about this pretty regularly. And I often hear the same thing from a lot of different people, who think they have the whole “email attachment safety process” figured out. Here’s what they tell me:

“I don’t open an email attachment,
unless it’s from someone I know”

WRONG. If that’s the policy they go by, they’re probably going to have an infected computer at some point. It is fundamentally flawed.

This is my policy on opening attachments:

email attachments

That sounds kind of counter-intuitve, right? I mean, someone you know wouldn’t send you an email, would they?

Here’s why this makes sense. Let’s say your best friend is Bob. You trust Bob completely. Bob is the godfather to your children. Bob once rescued you from a burning building. He’s even honest enough to tell you when you have food on your face at dinner. So you know you can trust Bob, and you know that he wouldn’t send you a virus by email.

But then one day Bob opens an email attachment. He wasn’t sure what it was, but when he clicked and opened it, he saw that nothing happened. So he just figured it was some kind of mistake, deleted the email and forgot about it.

What Bob doesn’t know is that his computer is now infected. He didn’t see anything happen on the screen when he clicked that attached file, and that is exactly what he was supposed to see – nothing. That means he did not become suspicious and did not see any reason to investigate it further. That is exactly the response the hacker wants.

But behind the scenes, not visible on the screen, the virus is now working hard to do whatever it was programmed to do. It might be installing a keylogger (to track whatever is typed, such as social security numbers or credit card numbers) or other malicious software.

And the OTHER thing that virus is doing is sending out an email to everyone in Bob’s email contact list. Probably the same email that Bob received, with the virus attached. And Bob does not even know these emails are being sent.

So even though he’s your best friend and you trust Bob with your life, you should not open that email attachment that just got sent to you from his account.

For me, I don’t care who sent it. My own mother could send me an email attachment and I would not open it. Sorry mom!

And of course, here’s the objection: “But sometimes I have to open attachments! It’s stuff I need to see!”

That’s fine. If you need to open an attachment, and you know what it is before opening it, go for it. But that’s the key – knowing what it is ahead of time.

The scammers are very clever about making you THINK you know what it is, when you really don’t know. You might get that email from Bob, and the message says, “Check out this picture I found of us!” but that doesn’t make it safe to open. The virus wrote that message, not Bob.

Or you might get an email that is apparently from Fedex, saying, “We’re trying to deliver your package, but cannot find your address – please check the attached invoice to verify your address.” This one is especially clever, since half the people that get this actually ARE expecting a package delivery, so they just click the attached file without thinking about it – and immediately they are infected. And now their computer is sending out that same email to THEIR contact list. And it goes on and on.

All it takes is a half-second of inattention. You might click and then suddenly realize, you just clicked on something and you don’t REALLY know what it is. Hopefully at that point you have a good strong antivirus, and someone you trust to check out your computer and get rid of the bad stuff.

listen to my podcast Apple Podcasts

Share this post

1 comment so far Add your comment »

Get updates when new comments are added. Subscribe to the comments RSS Feed

james wilson
June 27th, 2019

Thank you for this valuable insight on “attachments” and how dangerous they are.