Using malicious software—also called malware—to compromise a victim’s data or technology is one of the most common cyberattack methods. Malware is typically triggered by clicking on the deceptive links or dangerous attachments that often accompany phishing emails. In fact, recent research found that malicious document downloads are currently on the rise.

According to Netskope Threat Lab’s latest report, 40% of malware attacks have been deployed through the medium of harmful email attachments during 2021, representing a 20% rise over last year’s data. Specifically, these email attachments have been disguised as office documents—including Microsoft Office files, PDFs and Google Docs.

This rise in malicious document downloads is likely tied to cybercriminals taking advantage of shifting work arrangements during the ongoing COVID-19 pandemic. After all, the significant increase in remote operations over the past year has led to more employees relying on digital platforms (e.g., email and online messaging) to communicate with their co-workers.

With remote employees using virtual mediums to share important information and files, cybercriminals have been able to trick some of these workers into downloading malicious office documents via deceitful emails. For instance, a cybercriminal may impersonate a victim’s co-worker and email them a harmful file titled “Monthly Financial Report” in order to manipulate them into downloading it.

In light of this trend, it’s critical to take the following steps to protect against malicious document downloads:

  • Learn how to recognize and respond to phishing emails. In particular, always verify the sender’s identity by double-checking their address before interacting with an email and avoid opening any attachments from unknown sources. Further, employees should report any suspicious email activity to their IT department.
  • Implement antivirus programs and endpoint detection and response systems to help minimize malware threats. Update this software regularly.
  • Install email security features (e.g., spam filters) to help prevent malicious messages from landing in inboxes altogether.

For more risk management guidance, contact us today.