DISCLAIMER: The solutions presented on this page are the property of ACME LABS Sp. z o.o. and are subject to legal protection in Poland and abroad, on the basis of intellectual and industrial property rights.

DEADLY ATTACHMENTS

by

90% of malware is sent by cybercriminals as attachments in e-mail, and, as a consequence lack of our attention, can destroy our data and deprive us of money. If we add that 90% of hacker attacks are successful due to human error, then we have a recipe for a fraud scenario. 

Virus scanning mechanisms in place that scan our email are not effective enough to catch all messages containing attachments infected with malware. Our vigilance is dormant when we are dealing with attachments in the known file formats generated in business applications or by data compressing programs, but we are more vigilant when we have to run an executable file - e.g. exe. 

In the case of popular office application files, we do not always take into account that, for example, you can enter the macros. If, after running such a file, the program asks us if we agree to enable macros, then a red light should light up in our head when we are not 100% sure of the origin of the message. Consent may mean running a script that installs malicious software. 

In the case of compressed data archives, i.e. popular ZIP, RAR, 7ZIP and others, the virus is usually activated after unpacking the archive contents. 

Each of the above file types can only pretend to be a format file, or it can simply be a hidden .exe format file. It may happen that you receive an unexpected invoice in PDF format, but its full name that you may not notice is, for example, "Invoice_25 / 04.pdf.exe". After downloading and running such an attachment, which looks like a "regular" PDF, your device is infected with malware. 

There is another threat hidden in PDF files that most of us are not aware of. PDFs have a specific layered nature and therefore are not completely safe as criminals can manipulate the layer of the file we see. A scam using this feature of PDFs is that, for example, we can electronically sign a PDF document, the real content of which is different from the one we see at the time of signing. There are three types of manipulation of the content of such a PDF document: hiding a document layer, replacing it with a modified version, or hiding and replacing it in one. 

As you can see from the above list, our email correspondence is not secure and even if we are careful, we may become the next victim of the attack, as fraudsters keep coming up with new ways and methods of cyber attacks. 

Therefore, it is worth using additional solutions that increase the security of electronic communication. eMARKER (eZNACZEK in Poland) is a solution that gives credibility to the sender of the message and allows you to trust its content. If you use the eMARKER the dilemmas described above regarding popular file types may become a thing of the past. The eMARKER should soon become a good market standard in terms of security, distinguishing messages we receive from trusted sources. 

CONTACT US