Email is the main delivery method for phishing and hacking attempts.

The usual scenario is as follows:

You receive an email that appears to be from a [supplier, customer, friend, employee] with an attachment. Either it is automatically previewed and/or it requires you to click to view it. It may then prompt you to enable an ‘xyz’ plugin, or to activate something, in order to see or even just open the attachment.

If it’s malicious and you clicked, your system is no longer yours!

If at any point after clicking you get taken to a Login page… STOP, and go and speak to your IT support provider.

Simply blocking or quarantining certain common file extensions, the ones most often used for malicious activity, stops the threat dead. Yes, some genuine email will get stopped, but you should be expecting those emails with those types of attachment and will know to look in the quarantine, which is a small inconvenience.

Where possible, always show file extensions, as this will allow you to: (a) see the type of file, and (b) detect multiple extensions such as filename.zip.exe or filename.jpg.exe.

Block the following file types (many of which are required by the Cyber Essentials Scheme):

  • .com .exe .bin .pif .msi
  • .sh .py .js .vbs .scr
  • .hta
  • .cmd .bat
  • .vb
  • .msc
  • .vbe .jse
  • .scf .inf .reg
  • .ps .ps1 .psc1 .ps1xml
  • .ps2 .psc2 .ps2xml
  • .ws .wsf .wsc .wsh
  • .msh .mshxml
  • .msh1 .msh1xml
  • .msh2 .msh2xml
  • .msp .cpl .msc
  • .lnk
  • .gadget

Macro-enabled Microsoft Office files have always been a problem. Microsoft now disables macros by default, but that has not always been the case and may not remain so, so you should consider blocking these also:

  • .DOCM, .DOTM, .XLSM, .XLTM, .XLAM, .PPTM, .POTM, .PPAM, .PPSM, .SLDM
  • .RTF, .PPSX

Compressed files may contain malicious files, so your email filtering system should be set up to look inside these file types:

  • .mht
  • .zip .7z .rar .tar.gz .tar .gz .jar
  • .dmg

You might notice that many of these extensions are used by the Microsoft Windows operating system, and opening some of them on a Mac or Linux would typically have little impact. However, some of the file types are script files which Linux and Mac may run. Normally this requires the user to take a number of steps, and even when run they will cause little impact on a sensibly configured device with a competent user, but that is not a given, so block first and release later even if you use Apple or Linux.
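As an added example (not part of the original page), the Python check below applies the lists above to attachment names: it looks at every extension in the name so a double extension such as filename.jpg.exe is still caught, and it flags archives for inspection rather than passing them through. The function names and the block/inspect/allow verdicts are my own.

```python
"""Attachment-extension policy check built from the lists on this page.

Added example, not from the original page. The extension sets are copied
from the page's lists; the function names and verdict labels are assumed.
"""

# Executable, script and shortcut types the page says to block outright.
BLOCKED = {
    ".com", ".exe", ".bin", ".pif", ".msi", ".sh", ".py", ".js", ".vbs",
    ".scr", ".hta", ".cmd", ".bat", ".vb", ".msc", ".vbe", ".jse", ".scf",
    ".inf", ".reg", ".ps", ".ps1", ".psc1", ".ps1xml", ".ps2", ".psc2",
    ".ps2xml", ".ws", ".wsf", ".wsc", ".wsh", ".msh", ".mshxml", ".msh1",
    ".msh1xml", ".msh2", ".msh2xml", ".msp", ".cpl", ".lnk", ".gadget",
}
# Macro-enabled Office types the page says to consider blocking as well.
MACRO = {
    ".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm", ".potm", ".ppam",
    ".ppsm", ".sldm", ".rtf", ".ppsx",
}
# Containers the filter should open and scan rather than pass through.
ARCHIVE = {".mht", ".zip", ".7z", ".rar", ".tar", ".gz", ".jar", ".dmg"}


def extensions(filename: str) -> list[str]:
    """Every extension in the name, lower-cased, so 'invoice.jpg.exe'
    yields ['.jpg', '.exe'] and a disguised .exe is not missed."""
    parts = filename.strip().lower().rsplit("/", 1)[-1].split(".")
    return ["." + p for p in parts[1:] if p]


def has_double_extension(filename: str) -> bool:
    """True for names like filename.zip.exe that hide the real type."""
    return len(extensions(filename)) > 1


def classify_attachment(filename: str) -> str:
    """Return 'block', 'inspect' or 'allow' for one attachment name.
    A blocked extension anywhere in the chain blocks the file."""
    exts = extensions(filename)
    if any(e in BLOCKED or e in MACRO for e in exts):
        return "block"
    if any(e in ARCHIVE for e in exts):
        return "inspect"
    return "allow"


def message_verdict(attachments: list[str]) -> str:
    """Quarantine the whole message if any attachment must be blocked,
    flag it for archive inspection if any is a container, else deliver."""
    verdicts = {classify_attachment(a) for a in attachments}
    if "block" in verdicts:
        return "quarantine"
    return "inspect" if "inspect" in verdicts else "deliver"
```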