Attachments are one of the oldest tricks in the hacker’s book — and still one of the most effective.
Why? Because people trust what lands in their inbox.
Before you double-click that PDF, invoice, or resume, pause.
Here’s a 3-step checklist you can print and pin on the wall:
1. Check the sender
- Do you actually know this person or company?
- Is the email domain correct (for example, not paypaI.com, spelled with a capital I, instead of paypal.com)?
- Were you expecting this attachment?
2. Look for warning signs
- Urgency: “Open immediately”, “Payment overdue”
- Odd file types: .exe, .js, .scr
- Unusual size: Why would a 2-page invoice be 10 MB?
3. When in doubt, verify
- Call or message the sender through another channel.
- Ask IT or your security team if you’re unsure.
- Remember: it’s always safer not to open than to take the risk.
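The same three steps can be run automatically over a message before anyone opens it. The sketch below is an added example, not part of the original post: the known-domain list, urgency phrases, 5 MB threshold and the names `triage` and `build_sample` are assumptions, and the sample message is constructed.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed values for this sketch; tune them to your own mail flow.
KNOWN_DOMAINS = {"paypal.com"}
RISKY_EXTENSIONS = {".exe", ".js", ".scr"}          # from the checklist
URGENCY_PHRASES = ("open immediately", "payment overdue")
MAX_EXPECTED_BYTES = 5 * 1024 * 1024
# Characters often substituted to imitate another letter (I/1 for l, 0 for o).
CONFUSABLES = str.maketrans({"I": "l", "1": "l", "0": "o"})

def triage(raw, max_bytes=MAX_EXPECTED_BYTES):
    """Return a list of checklist findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    # Step 1: check the sender domain, exactly as written in the From header.
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2]
    if domain.lower() not in KNOWN_DOMAINS:
        lookalike = domain.translate(CONFUSABLES).lower() in KNOWN_DOMAINS
        findings.append("lookalike-domain" if lookalike else "unknown-domain")
    # Step 2: warning signs in the wording and in each attachment.
    body = msg.get_body(preferencelist=("plain",))
    text = str(msg.get("Subject", "")) + " " + (body.get_content() if body else "")
    text = text.lower()
    if any(phrase in text for phrase in URGENCY_PHRASES):
        findings.append("urgency")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        # splitext keeps only the last extension, so invoice.pdf.exe -> .exe
        if os.path.splitext(name.lower())[1] in RISKY_EXTENSIONS:
            findings.append("risky-extension:" + name)
        if len(part.get_payload(decode=True) or b"") > max_bytes:
            findings.append("oversized:" + name)
    return findings  # Step 3: any finding means verify out of band first.

def build_sample(sender, subject, filename, size):
    """Build a constructed test message (not real mail)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.org", subject
    m.set_content("Please see the attached file.")
    m.add_attachment(b"\0" * size, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample("Billing <billing@paypaI.com>", "Payment overdue",
                              "invoice.pdf.exe", 64)))
```

An empty result only means none of these particular signs fired; an unexpected attachment still deserves the verification in step 3.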
Final thought
Most ransomware outbreaks start with one attachment.
One click can cost hours of downtime or millions in losses.
Make this checklist a habit — and make it visible to your team.
👉 Security doesn’t start with technology. It starts with pause, check, and verify.



