Combating Malicious ZIP Files | Stewart 권원 블로그

While cloud services like OneDrive, Box and Dropbox give us endless possibilities to share files, we sometimes still find ourselves sending and receiving ZIP attachments when multiple files are involved. ZIP files would be okay except sometimes they can be dangerous. You may be thinking, “What about password-protected ZIP files?” Well, cybercriminals most commonly send those. And if you’re thinking “Why would a hacker send a password-protected ZIP file?” there are several reasons. But the most common reason is to evade security filtering technologies.

Any email inspection tool and some antivirus software tools treat password-protected ZIP files as encrypted files and bypass the inspection. Another reason related explicitly to the title industry would be to create a false idea of security or protection.

Think about it – I’m sending you a vital file and protecting it with a password, but the password is the same as the email. That’s immediately suspicious and, in most cases, outright malicious.

You should always scrutinize any email that has a ZIP attachment because you can’t preview or safely open the file, and you don’t know what’s inside. Even if everything in the email checks out, pick up the phone, or find another out-of-band channel, to inquire about the file. But whatever you do, don't verify with the sender in a reply message. Things are not always what they seem, and you could be asking the wrong person.

Remember, always think before you click. Stay vigilant.