Detecting Scam Virus Emails Because Word Documents are Evil


I’ve heard recently about more people getting scammed by clicking on email attachments that open up a crypto virus that destroys an entire office network.

This morning I received an email in my inbox (my spam filter usually detects them) and it looked suspicious, like it might contain a virus.

In case it might help you, I’m going to go through the bits that made it look suspicious so other people know what to look for.

How can I tell it’s suspicious (and might contain a virus)?

An innocuous looking email (but does it bring a virus?)

This is the email I received. It looks innocuous enough, right? Somebody is sending me an invoice they want me to pay.

Helpfully they’ve put the details in the message but they haven’t included the payment information. That must be in the attached Word .doc file, right?

Don’t ever click that!

The first thing I do when I see a Word .doc is leave it the hell alone. I then wonder who sent me a Word document when they could have sent me a PDF or shared a Google doc or done any number of things.

If someone has, in earnest, sent me an invoice as a Word .doc file, I still won’t open it. They’re probably a small business and they don’t know about proper email hygiene, but I’ll reinforce my reputation for pedantry by replying directly, explaining that I never click on Word documents in emails and ask if they could send it to me as a PDF or at least include the payment details in the body of the email.

A quick list of the instantly visible dodgy parts

That Word document probably contains a virus

  1. The subject line: What invoice? I don’t remember getting an invoice.
  2. The sender: I’ve never heard of these people.
  3. The amount: It’s a weird amount. It doesn’t mention what it’s for.
  4. That Word Doc: It just has my name as the file name. That’s weird.

Some closer inspection

Then, having a deeper look at how this thing is put together I can confirm that there are reasons it shouldn’t be trusted.

  1. Email address and sender name: The email address and sender name don’t match. This probably has not come from a business’s official email account.
  2. Details of the message: It says that there’s a bill reference number and there’s an invoice number. These don’t agree and there’s nothing in the message to explain the situation to me.

The sender name and the email address do not match

The bill reference number is different to the invoice number
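
The checks from both lists above can be run automatically over a raw message without ever opening the attachment. This is an added example, not part of the original post: it uses Python's standard `email` module, and the sample message, its addresses and numbers, and the helper names `first_addr` and `triage` are constructed for illustration. The sender-name check is a crude heuristic and an assumption about what "don't match" means.

```python
import re
from email import message_from_string, policy

# Constructed sample message; not the email shown in the post.
SAMPLE = """\
From: "Acme Plumbing Accounts" <k.jones@mail-example.test>
To: Pat Smith <pat.smith@example.org>
Subject: Invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Bill reference: 48213
Invoice number: 77105
--b1
Content-Type: application/msword
Content-Disposition: attachment; filename="Pat Smith.doc"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

def first_addr(header):
    """Return the first parsed address in a header, or None."""
    return header.addresses[0] if header and header.addresses else None

def triage(raw):
    """Return red flags from the post's checklist (hypothetical helper)."""
    msg = message_from_string(raw, policy=policy.default)
    flags = []
    sender, rcpt = first_addr(msg["From"]), first_addr(msg["To"])
    # Crude heuristic (an assumption): no word of the display name appears in the domain.
    words = re.findall(r"[a-z]{4,}", sender.display_name.lower()) if sender else []
    if words and not any(w in sender.domain.lower() for w in words):
        flags.append("sender-name-mismatch")
    for part in msg.iter_attachments():  # headers only; the payload is never decoded
        fn = (part.get_filename() or "").lower()
        if fn.endswith((".doc", ".docm", ".docx")):
            flags.append("word-attachment")
        if rcpt and rcpt.display_name and fn.rsplit(".", 1)[0] == rcpt.display_name.lower():
            flags.append("attachment-named-after-recipient")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    bill = re.search(r"bill reference\D*(\d+)", text, re.I)
    inv = re.search(r"invoice (?:number|no\.?)\D*(\d+)", text, re.I)
    if bill and inv and bill.group(1) != inv.group(1):
        flags.append("reference-numbers-disagree")
    return flags

if __name__ == "__main__":
    print(triage(SAMPLE))
```

None of these flags proves a message is malicious; they only reproduce the manual checks above so that a message can be set aside for a closer look.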

Why does this email exist?

Look, I can’t say for sure. I was suspicious of it so I got rid of it.

But it seems to me this exists with purposefully confusing information in the body of the email to get me to try to open the Word .doc file in the hope that it will explain the situation better.

Word documents (or things pretending to be them) can have malicious software in them that only executes when you try to open them. That software can sometimes ruin your life (unless you have a robust backup procedure).

What to do with an email like this.

Mark it as junk to help train your junk email filter and maybe things like this will not appear in the future.