Attached documents? I open them all the time.

by Wally Moore

on June 1, 2015

in Attached documents, blog

And not only that, I attach documents

to my emails all the time.

As an information technology (IT) company, DTS InfoTech resolves problems for customers who get themselves into trouble with attached documents. It doesn’t happen all the time, but often enough for us to know that people are tricked, regularly, by illegitimate emails that arrive in their Inbox, with attached documents that are fake.

Recently we received this email . . .

Subject: My Resume

Good day!

I noticed your website today Fri, 22 May 2015 and found it very likeable. I was hoping there was any possibility of internship or unpaid trial period, just to prove my competence.

As you will see in my attached resume, I am very qualified and have a very broad experience in this type of work. I am very confident it will be worth your time reading it, and I am even more confident you will find me very fitting in your enterprise.

Please see my resume.

I am very much looking forward to hearing from you.
With gratitude,

Sent from my iPhone

I was almost tricked

Maintaining our company website is my responsibility. So when I read this email, I was interested in their offer from a practical stand point. But truth be told, there was an emotional hook, they mentioned how they found our site very likeable. I thought, “Hey, someone likes our site. I’m doing my job!”  I like comments that validate what I do, even if it’s not true. And therein lies the trick, the emotional hook.

They offered to intern on an unpaid trial period just to prove their competence. Unpaid? Heck, I almost opened the attachment on that alone.

Getting people to open emails

To understate the obvious, opening an infected attachment can ruin your day. It may cost your company money to fix it and it will most definitely cost you in the time you lose having to deal with it.

Did you know that there is an entire industry devoted to getting people to open emails? It’s true.

Google this phrase: get people to open emails. You’ll get about 157,000,000 (that’s MILLION) results in 0.73 seconds. Some of those search results are from very reputable companies that I follow for marketing advice.

What’s the point?

There are a lot of very intelligent people working all the time on getting you to open emails. They think in terms of strategy. They test it, they make tweaks after testing and they test again. They are very talented and bright professionals in the business of getting people to open emails. They know how to tug on the strings of your heart, and emotions, so you will open the email, click on the attachment and read it.

The people and companies I just mentioned are reputable and professional, the good guys.

It’s the bad guys

Emails that are illegitimate, with attached documents that are fake, are so prevalent that we want to help you spot them in your Inbox.

That said, here are a few tips from Dan Neuwirth, owner of DTS InfoTech:

One key indicator that should give you pause is the “heartstring” test. If you are immediately drawn to opening an attachment from an unknown sender because the content tugs at your heart, step back from the mouse for a minute. You know the type: “the IRS is about to arrest you”, “the FBI has found bad stuff on your computer”, “Please print the attached FedEx invoice”, and the legendary Ms. Sage Okopo from Namibia has been looking all over the world and has found you reputable and would like to discuss entrusting you with her sum of $50 million.

You laugh, but it’s because you’ve seen all these at one point or another yourself.

Some of you have opened the attachments.

Whenever I'm asking myself if an e-mail is legitimate, or desirable, I also look for clues (markers) that bias me either toward or away from it. The original e-mail (referenced above) sends up several clues that I shouldn't open the attached document.

1. No one in the United States would write "Fri, 22 May 2015". Even if it were a human, they would spell out "Friday". This date was injected by a computer.
2. The date format suggests they're not in the US, wouldn't be a good fit anyway.
3. The e-mail is very generic. As I mentioned to a customer of ours, on a different (but similar) e-mail this morning, this e-mail could be sent to any thousands of people in any industry, and would appear to "fit". That's actually a clue to its illegitimacy.
4. The e-mail is "Sent from my iPhone" but has a Word document attachment. iPhones would generally be an unusual choice of device from which to edit or send a Word document.
5. The resume has a generic file name ("My_Resume_11779.doc"). Anyone credible would have named the file their own name, knowing that HR departments probably just toss the files into a folder. There would be nothing to identify the person if this doc was separated from the e-mail.
6. The e-mail sender’s name, signature, or “From” address don’t match. For example, the above e-mail came from Bob Smith (
7. (Now doing this on a disconnected system we use for quarantining purposes) the file, when opened, immediately flags a Macro Alert in Office. For this exact reason, Office 2010 and newer versions disallow macros (programming in documents) by default---the user must "opt in" in order to have the macros work. When you click the default of "Disable", you just see a standard Word document text that says something to the tune of "oh, you need to make sure you enable Macros because this is a very secured document and you can't just use a viewer on it ..." or something to that effect. This would be highly unusual for a resume where the author would want to have it seen by many people as easily as possible.

Best practices

What’s the best things you can do to prevent an infection on your PC from illegitimate emails? Use your head!

  1. When you receive an email, be vigilant, take your time and think about what you are reading. You don’t need experts, or special training to do this. Right?
  2. Be alert. Do you know the sender? Read the Subject Line. What is it really saying?
  3. Do not download and install anything you do not understand, or trust.
  4. Download files only from trusted sources.
  5. Maintain your computer and keep it up to date.
  6. Install anti-virus software and keep it up to date.
  7. Use complex passwords. Read this article on creating passwords

When in doubt

WARNING! The following is a personal opinion.

When I delete a suspicious email I never worry about it. If it’s really that important, the person who sent it will contact me when I don’t respond.

Over many years and literally thousands of unopened deleted emails, not once have I regretted it. Not once.

Dedicated to your success,

Wally Moore
DTS InfoTech