This is how most stories about ransomware infections begin.
Here are a few hints that will help you tell that something’s fishy:
- First sign: if the email ended up in Spam, clearly something is wrong with it. Trust the spam filter. Let it stay there.
- Ok, you’re stubborn. Next step: have a look at the header. Does the sender’s email address match your friend’s? No? Then it’s not legit. End of story. Also make sure you check for small variations in the name (it can be different letters, misspellings, or a different web domain).
- Since we’re talking about the email header, if you are using Gmail you could also check if the email is encrypted (that’s a good sign).
- Moving on. You notice there’s an attachment. Before you rush to download and open it, look at its extension. What type of file is it? No photo archive will ever be an .exe. Be wary of Office files as well, as they can contain malicious code. Make sure you disable macros in Microsoft Office before opening any Word documents or Excel spreadsheets.
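The header and attachment checks from the list above, automated as an added example (not part of the original tip). The friend's address, the sample message, the extension lists and the 0.8 similarity threshold are all constructed assumptions.

```python
import difflib
import os
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed extension lists for this example; not an exhaustive blocklist.
EXECUTABLE_EXT = {".exe", ".scr", ".bat", ".js"}
MACRO_EXT = {".doc", ".docm", ".xls", ".xlsm", ".ppt", ".pptm"}


def check_email(raw, known_address):
    """Return warnings for one raw message, given the friend's real address."""
    msg = message_from_bytes(raw, policy=policy.default)
    warnings = []
    # Compare the actual address, not the display name, which anyone can set.
    _, sender = parseaddr(str(msg.get("From", "")))
    sender, known = sender.lower(), known_address.lower()
    if sender != known:
        # Assumed threshold: a near-identical address counts as a lookalike.
        ratio = difflib.SequenceMatcher(None, sender, known).ratio()
        kind = "is a lookalike of" if ratio >= 0.8 else "does not match"
        warnings.append(f"sender {sender} {kind} {known}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ext = os.path.splitext(name)[1]  # last extension: photos.jpg.exe -> .exe
        if ext in EXECUTABLE_EXT:
            warnings.append(f"executable attachment: {name}")
        elif ext in MACRO_EXT:
            warnings.append(f"Office file that may carry macros: {name}")
    return warnings


def build_sample(sender, filename):
    """Constructed test message; the attachment bytes are harmless filler."""
    msg = EmailMessage()
    msg["From"] = f"Alex <{sender}>"
    msg["To"] = "you@example.org"
    msg["Subject"] = "Holiday photos"
    msg.set_content("Here are the photos!")
    msg.add_attachment(b"constructed filler", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    raw = build_sample("alex@examp1e.com", "photos.jpg.exe")
    for warning in check_email(raw, "alex@example.com"):
        print("WARNING:", warning)
```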
If it helps you to calm down, just pick up the phone and call your friend. Ask them if they sent you an email and from what address.
Better safe than sorry, right?
Credit: @Daily Security Tip