Is That Email Attachment Malware in Disguise? How to Protect Yourself From a Spear Phishing Scam

By on Apr 25, 2017

The term phishing is floating all over the news these days. And no, I’m not misspelling the fun sport where you try to reel in some seafood for dinner. I mean the type of cyberattack that uses social engineering, aka manipulation, online to trick someone into giving up their personal data. Some of the most recent and powerful examples of a spear phishing attack are the Shamoon2 attacks we’ve seen in Saudi Arabia, which infected machines with malware and destroyed systems through a specific type of phishing called spear phishing.

So, how did this specific spear phishing attack work, exactly? Cybercriminals targeted specific organizations in Saudi Arabia with emails that included malicious attachments in them. Then, when victims clicked and opened the attachment, they were infected, valuable company data was taken and systems were quickly wiped.

Spear phishing has been around for quite some time, but has been as effective as ever lately. Spear phishing’s success is based in familiarity. Usually, cybercriminals pretend to be an organization or individual that you know, and include a piece of content—a link, an email attachment, etc.—that they know you’ll want to interact with. For example, cybercriminals have taken advantage of tragedies in the headlines, and used targeted emails claiming to be a charitable organization asking for donations. In the case of Shamoon2, the attackers lured in victims with a tempting email attachment sent from organizations the victims were likely to trust. But instead of giving to their charity of choice, or opening a seemingly harmless workplace attachment, victims then self-infect their systems with malware.

Moral of the story: spear phishing (and regular phishing) attacks can be tricky. However, fear not, there’s a lot you can do to stay on top of this threat, as well as protect your inbox and, therefore, your personal data, from attack. For starters:

-Go straight to the source. Spear phishing attacks can be easily deceiving. In fact, cybercriminals have been able to impersonate known, credible charities or an employer’s business partners and customers. So, if you receive an email from an organization asking for donations or a partner asking you to open a file you didn’t request, a good rule of thumb is to go directly to the organization through a communications channel other than email. Go to the company’s site and do more research from there. That way, you can ensure you’re gaining accurate information and can interact with the right people, rather than cyber-attackers.

-Always check for legitimacy first. Spear phishing emails rely on you—they want you to click a link, or open an attachment. But before you do anything, you always need to check an email’s content for legitimacy. Hover over a link and see if it’s going to a reliable URL. Or, if you’re unsure about an email’s content or the source it came from, do a quick google search and look for other instances of this campaign, and what those instances could tell you about the email’s legitimacy.

-Stay educated. In response to events such as Shamoon2 spear phishing attack, McAfee is increasing its investments to research, investigate, and, where possible take down the people behind the attacks. We’ll get you the latest information so you can protect yourself. In fact, our Strategic Intelligence team recently uncovered a lot of helpful details available on the latest Shamoon2 attack. So, make sure you check in on all announcements that come from the team to stay clued in on what cyberthreats are emerging and how you can protect yourselves from them.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

About the Author


McAfee is the device-to-cloud cybersecurity company. Inspired by the power of working together, McAfee creates business and consumer solutions that make our world a safer place. Take a look at our latest blogs.

Read more posts from McAfee

  1. This type of virus is spread via email right? It’s a good thing I use my phone to check my email since I haven’t heard of any virus that can fit in a phone already filled with games.

    • It probably wouldn’t be as likely for a virus to get into your phone than a computer, but it can still happen. As far as I know, there is no way to protect your phone from viruses.

  2. You haven’t said how to identify these emails. Is there a market of some sort?

    • if the email is from a ‘no reply’ email that you haven’t signed up for (like newsletters or google for example if your email is Gmail).
      if the email seems weird, like an email from something you haven’t done etc.
      if you have a bank account and they send you a link to click on to renew stuff for example, delete it immediately or verify from your bank that they sent the email etc.
      a lot of the phishing could just fall straight into spam so you don’t have to worry TOO much.
      if you get sent any attachment/link from an email that you dont recognize (like a random person/email) then delete it immediately.

    • I want to be completely protected from all threats and fully protection from WannaCry Ransomware

    • It is best to be cautious and go to the site directly versus clicking links if you are unsure.

Subscribe to McAfee Securing Tomorrow Blogs