How to identify an email infected with a virus?

Malicious emails are still considered to be the most effective technique used to infect users with viruses

It is hard to recognize phishing emails

As humanity becomes more and more dependent on technology, especially the Internet, cybercriminals are forming organized crime groups to carry out fraudulent schemes and swindle money from unsuspecting victims.

While many tend to think that cybercriminals are super advanced hackers who rely on special code to break through security systems and even take control of users’ computers remotely, the reality is quite different. In most cases, these criminals are skilled scammers who use social engineering methods to trick users into installing malware on their computers.

The active use of spam and malware-filled emails is the best evidence of this. Instead of spending long hours creating elaborate attack schemes, hackers are now crafting email viruses designed to convince naive employees to open email attachments, thereby enabling an attack on the entire company's network.

Prevent ransomware

Such techniques have already proven to be highly efficient. For example, the year 2023 has seen significant advancements in ransomware attacks, with phishing emails being a primary delivery method. In fact, phishing remains[1] a predominant tactic used by cybercriminals, with many attacks designed to distribute ransomware.

According to recent statistics, ransomware is now present in a significant percentage of phishing emails, illustrating the continuous danger to cybersecurity. This shows how crucial it is to maintain your vigilance and pay attention to any strange emails in order to protect yourself against malware attacks.

Pay attention to malicious email examples to protect yourself

Indeed, malware emails are currently the most efficient attack vector.[2] Spammers are quick to exploit ongoing events such as sporting events, sales, and tax season, sending out hundreds of thousands of themed email messages. However, some tricks are effective all year round. The examples given below reveal phishing emails typically used for malware proliferation.

Hopefully, these email virus examples will help you identify phishing emails in the future and make you more skeptical about the reliability of emails sent by unknown individuals.

Example No. 1: Resume or job applicant emails

Phishing emails that contain an attached resume are usually sent to recruitment specialists, managers, or company owners who make hiring decisions. Such emails usually contain just a few lines of text, inviting the recipient to open the attached resume.

Typically, scammers expect these phishing emails to be convincing when trying to infect a particular company or healthcare organization. Such ransomware email examples were mainly used in CryptoWall 3.0[3], GoldenEye, and Cerber spam campaigns. See some examples of such phishing emails below.

Image: Malware-laden resume. The picture shows some examples of phishing emails that ostensibly deliver someone's resume, which contains malicious code.

Example No. 2: Phishing spyware emails claiming to be from eCommerce giant Amazon

Cybercriminals tend to phish Amazon users with fake emails sent from bogus email accounts that seem legitimate at first sight. Such phishing emails can be used to swindle money from the victim or to deliver a malicious email attachment that carries a serious computer virus.

For instance, scammers were using an email address to send out thousands of emails containing Locky ransomware. These emails carried the subject line “Your Order Has Dispatched (#order_number)” and contained a ZIP attachment holding a malicious JS file that, once opened, downloaded the ransomware from a particular website[4].

Below, you can see an example of a malicious email delivering Locky and an example that was obtained during analysis of a Spora distribution campaign.

Image: Amazon email scams. Amazon users targeted via phishing emails that deliver ransomware such as Locky or Spora.

Example No. 3: Invoices

Another very successful technique that helped to boost the distribution of Locky ransomware involved phishing emails that carried an attachment called “ATTN: Invoice-[random code].” These deceptive emails contained a few lines of text in the message field, asking the victim to “see the attached invoice (Microsoft Word Document).”

The only problem is that the Word document actually contains a malicious script that gets activated via the Macro function. An example of the described email virus is provided below.

Image: Malicious emails distributing Locky. Malicious emails that contain an attached "Invoice" file were used for Locky ransomware distribution.

Example No. 4: Spam that exploits the theme of major sporting events

Love sports? Then you must be aware of sport-themed spam. Lately, researchers from Kaspersky noticed an increase[5] in emails targeting users interested in the European Football Championship, the upcoming World Cups in 2018 and 2022, as well as the Olympic Games in Brazil.

Such messages carry a malicious ZIP archive that contains a Trojan (malware downloader) in the form of a JavaScript file. According to experts, the Trojan is set to download more malware on the computer. See an example of the malicious message below.

Image: Malicious spam targeting FIFA fans. This is what an email containing a malicious attachment can look like.

Example No. 5: Terrorism-themed spam

Cyber fraudsters do not forget that terrorism is a subject of topical interest. Not surprisingly, this theme is also used in malicious spam. Terrorism-themed spam isn't one of the fraudsters’ favorites; however, you should know what to expect. We provide an example of such an email message below.

Reportedly, this type of spam is generally used to steal personal data, carry out DDoS attacks, and spread malware.

Image: Terrorism-based phishing emails. The picture reveals emails that exploit the theme of terrorism.

Example No. 6: Emails providing “security reports”

Researchers detected one more email campaign that distributed malicious Word documents. It turns out that these documents also contain malicious macros that download and run CryptXXX ransomware as soon as the victim activates the required function. These emails carry the following subject line: “Security Breach – Security Report #[random code].”

The message contains the victim’s IP address and the location of the computer, making the victim feel that the message is genuine and trustworthy. The message warns the victim about non-existent threats such as security breaches that were ostensibly prevented and suggests checking the report attached to the message. Of course, the attachment is malicious.

Image: Phishing emails delivering ransomware. Such emails were used to deliver CryptXXX ransomware to victims.

Example No. 7: Malicious spam purportedly sent by legitimate companies

In order to convince the victim to open the file attached to an email, scammers pretend to be someone they’re not. The easiest way to trick the user into opening a malicious attachment is to create a deceptive email account that is almost identical to one owned by a legitimate company.

Using such deceptive accounts, scammers attack users with nicely composed emails that carry a malicious payload in an attached file. The example below shows an email that was sent by scammers who pretended to be working at Europcar[6].

Image: Scammers impersonate Europcar employees. Cyber criminals often pretend to be someone they're not. In this example, you can see how scammers try to push malware while pretending to be Europcar representatives.

The example provided below shows what messages were used in an attack against clients of the A1 Telekom company. These phishing messages included deceptive Dropbox URLs that led to malicious ZIP or JS files. Further analysis revealed that these files contained the Crypt0l0cker virus.

Image: Mail spam targeting A1 Telekom users. This is an example of malicious email spam that was aimed at A1 Telekom users. The bogus link in the message points to a file that downloads the Crypt0L0cker ransomware virus.

Example No. 8: Urgent task from your boss

Recently, scammers have started using a new trick to swindle money from unsuspecting victims within minutes. Imagine receiving an email from your boss, stating that they are on holiday and urgently need you to make a payment to a company because they will soon be out of reach.[7]

Unfortunately, if you rush to follow these commands without checking the details, you could end up transferring company funds to a criminal or, even worse, infecting the entire computer network with malware.

Another tactic scammers use is pretending to be your colleague. This trick is particularly effective in large companies where employees may not know all their colleagues. You can find a couple of examples of such phishing emails below.

Image: Task from boss spam. Do not rush to follow commands from someone who presents himself/herself as your boss/colleague. Otherwise, you can end up installing malware on the entire computer system or sending money to scammers!

Example No. 9: Tax-themed phishing

Scammers willingly follow the tax schedules of different countries and regions and do not miss a chance to initiate tax-themed spam campaigns to distribute malicious programs. They use a variety of social engineering tactics to trick unsuspecting victims into downloading the malicious files that come with these deceptive messages.

Such attachments mostly carry banking Trojans (keyloggers) that, once installed, steal personal information such as the victim’s name, surname, logins, credit card information, and similar data.

The malicious program can lurk in a malicious email attachment or behind a link inserted in the message. Below, you can see an example of an email that delivers a fake receipt for taxes filed, which is actually a Trojan horse.

Image: Income Tax Receipt virus. Scammers send such and similar emails to trick users into opening the malicious file that is titled Income Tax Receipt.

Scammers also try to draw users’ attention and force them to open the malicious attachment by stating that there is a pending law enforcement action against them. The message says that something needs to be done “regarding the subpoena from IRS,” which is attached to the message.

Of course, the attached document isn’t a subpoena – it is a malicious document that opens in Protected View and asks the victim to Enable Editing. Consequently, the malicious code in the document downloads malware to the computer.

Image: Tax Subpoena scam. Such messages are meant to scare the victim and force him to open the attached document in a rush. The document contains a malicious payload.

The final example shows how scammers try to trick accountants into opening malicious attachments. The email seems to be coming from someone who seeks the assistance of a CPA, and, of course, it contains an attachment or two.

These are simply typical malicious Word documents that activate a script and download malware from a remote server as soon as the victim opens them.

Image: Tax Phishing. Such emails are usually sent to accountants. The attached document contains a malicious script that downloads and installs malware on the system.

How to identify malicious emails and keep yourself safe?

There are some main principles to live by if you’re trying to avoid malicious emails.

  • Forget the Spam folder. There is a reason why emails fall into the Spam or Junk section. It means that email filters automatically identified that identical or similar emails are being sent to thousands of people, or that the vast majority of recipients already marked such messages as Spam. Legitimate emails fall into this category only in very, very rare cases, so better stay away from Spam and Junk folders.
  • Check the sender of an email before opening it. If you’re not sure about the sender, do not interact with the contents of such an email at all. Even if you have an antivirus or anti-malware program, do not click on links added to the message, and do not open attached files without thinking. Remember – even the best security programs can fail to identify a brand new virus if you happen to be one of the first targets chosen by its developers. If you are not sure about the sender, you can always call the company the sender claims to work at and ask about the email you have just received.
  • Keep your PC security up-to-date. It is important not to have old programs on the system because they usually are full of security vulnerabilities. To avoid such risks, enable automatic software updates. Finally, use a good anti-malware program to ward off malicious programs. Remember – only up-to-date security programs can protect your computer. If you’re using an old one and if you tend to delay the installation of its updates, you plainly allow malicious programs to enter your computer quickly – without being identified and blocked.
  • Find out if the URL is safe without clicking on it. If the email you received contains a suspicious URL, hover your mouse over it to check its validity. Then look at the bottom left corner of your web browser. You should see the real URL that you’re going to be redirected to. If it looks suspicious or ends in .exe, .js, or .zip, do not click on it!
  • Cybercriminals usually have poor writing skills. Therefore, they often fail to compose even a short message without spelling or grammar mistakes. If you notice some, stay away from URLs inserted in the message or files attached to it.
  • Don't rush! If you see that the sender urgently asks you to open the attachment or a particular link, better think twice before doing it. The attached file is likely to contain malware.
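
The attachment and link checks from the list above can also be automated for a saved message before anyone opens it. The following is an added example, not part of the original article: it flags attachments and link targets ending in the extensions named above, lists ZIP contents without extracting them, and compares each link's visible text with its real destination. The function names, `.example` hosts, file names and order number are constructed placeholders.

```python
import io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from urllib.parse import urlparse

RISKY_EXT = (".exe", ".js", ".zip")  # extensions the article says not to click
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
DOMAIN_RE = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:/\S*)?", re.I)

def triage(raw):
    """Return a list of findings for one raw message (bytes)."""
    msg, findings = message_from_bytes(raw, policy=policy.default), []
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            findings.append("risky attachment: " + name)
        if name.endswith(".zip"):
            try:  # list archive members only; nothing is extracted or run
                with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                    findings += ["script inside archive: " + n for n in zf.namelist()
                                 if n.lower().endswith((".js", ".exe"))]
            except zipfile.BadZipFile:
                findings.append("unreadable archive: " + name)
        if part.get_content_type() == "text/html":
            for href, label in LINK_RE.findall(part.get_content()):
                target = urlparse(href)
                if target.path.lower().endswith(RISKY_EXT):
                    findings.append("link to risky file: " + href)
                # the "hover" check: does the visible text name another host?
                shown = DOMAIN_RE.fullmatch(re.sub(r"<[^>]+>", "", label).strip())
                if shown and shown.group(1).lower() != target.hostname:
                    findings.append(f"link text {shown.group(1)} hides {target.hostname}")
    return findings

def build_sample():
    """Constructed message: .example hosts, harmless comment inside the ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("order_details.js", "// constructed placeholder, not real code")
    msg = EmailMessage()
    msg["From"], msg["Subject"] = "orders@shop.example", "Your Order Has Dispatched (#0000)"
    msg.set_content("Please see the attached file.")
    msg.add_alternative('<a href="http://files.example/track.zip">www.shop.example</a>',
                        subtype="html")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="ORDER-0000.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print("\n".join(triage(build_sample())))
```

An empty result only means none of these particular checks fired; it does not show that a message is safe.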
About the author
Olivia Morelli - Ransomware analyst

Olivia Morelli is News Editor at She covers topics such as computer protection, latest malware trends, software vulnerabilities, data breaches, and more.
