Previewing Email Attachments Could Mean Trouble

February 21, 2019 | by Teresa Zwierzchowski | email security, Microsoft, cybersecurity

How many times have you received an email - from a trusted source - with an attachment? Not wanting to fully commit and open the attachment (because WHAT IF it is malicious), you chose to preview it.

Even that is not a safe bet in today's threat landscape.

According to a new article from SC Media, security researchers at Bromium recently saw a new "malware infiltration technique that involves the execution of malware even if the user does not open the Word document containing the malware." Just clicking on the on a document on Outlook or Windows Explorer to generate a preview triggers the malware, the article states.

The article also noted that the malware executes its tasks "even if the file is marked as coming from an untrustworthy location and is capable of ensuring that the payload is not scanned by some antivirus APIs."

READ THE FULL SC MEDIA ARTICLE HERE: Users don't have to open malicious docs to trigger new Microsoft malware

AppRiver clients can rest assured knowing our email security filters block these type of messages - and have been for months. From Feb. 1 to Feb. 19, we have seen and blocked nearly 130,000 of these type messages. 

To further help protect yourself from falling victim to these type of attacks, we recommend disabling the preview feature in Office. To do so, follow these steps: 

  1. In Outlook, select File > Options >Trust Center >Trust Center Settings, and then select attachment handling
  2. To turn off all attachemtn previews, click Turn off Attachment Preview
  3. To turn off specific attachment previewers, click Attachment and Document Previewers, clear the check box for a previewer you want to turn off, and then click OK