How to Check an Email for Viruses in a Sandbox

Funny videos, messages on social networks, hot topic news, and special offers are perfect baits for stealing your money and credentials. ​​166 million spam emails had unsafe links in 2022. To keep your computer and data safe, check the links and files you get. And today, we will tell you how to do it.

Sandbox Leader like ANY.RUN, a cloud malware sandbox that handles the heavy lifting of phishing and malware analysis for SOC and DFIR teams, and also helps 300,000 professionals use the platform to investigate incidents and streamline threat analysis.  

What is a Phishing Email?

“Dear network user, your password will expire in 24 hours. Follow the link to update your password.”

“Hi, your invoice is available now. In the attachment, you will find the bill for ….”

“Your mailbox failed to sync and returned incoming messages. Recover messages”

Sounds familiar? These are phishing emails that are usual guests in our inboxes. Cybercriminals design their attacks using social engineering – catchy words and language that makes you feel nervous. All tactics go into use to trick victims so they click or download files without a second thought. And here is a catch: attachments and links have malicious content.

What can a Phishing Email do on your Computer?

Phishing emails can cause a lot of harm, and it doesn’t matter if it’s opened on your personal computer or a large enterprise’s working station. Consequences may hit both hard. Here are just a few examples of what phishing can lead to:   

• Attachments and links make your computer download malicious objects. Antivirus sometimes finds it challenging to detect, as email content is small, customized, or looks as legit as possible.
• Usually, phishing emails deliver ransomware. This type of threat deletes or encrypts files and backups on a computer. Ransomware demands payment in exchange for a decryption key. But be careful: criminals sometimes don’t keep their word even after a ransom is paid.
• Stealers and other types of malware steal confidential data such as passwords, bank logins, PayPal logins, other logins, or files.
• Remote Access Trojan (RAT) controls a computer remotely, infects the system, and gives hackers unlimited access to all your data.

The results of these attacks can be awful. Financial and data losses can be drastic for organizations. Besides that, companies have a chance to lose customers’ trust and reputation. 

Analyse Shopisticated Malware with ANY.RUN

Try ANY.RUN Yourself with a 14-day Free Trial

More than 300,000 analysts use ANY.RUN is a malware analysis sandbox worldwide. Join the community to conduct in-depth investigations into the top threats and collect detailed reports on their behavior..

Request a Demo For Free

What do real Malware Emails look like?

A phishing link to a false Netflix sign-in form is caught in the wild. A user fills the form with his confidential information, which gets stolen.

Microsoft is quite popular in phishing emails. Sign-in forms, fake websites, and just references in the text. Here are malicious examples of using this company’s name. 

Attackers also speak on behalf of Adobe. Of course, it is a scam that collects passwords.

How to Recognize an Email Scam?

The best advice is to get suspicious and challenge emails before reacting to them. There are several tips on how to recognize a scam. Try to pay attention to the following signs:

1. Sender’s domain. If the sender’s address is unknown to you, has @gmail.com in the end, or doesn’t match a company’s name, it is probably phishing. Trustworthy organizations send messages from their own domain, not a public one.
2. Username in the email Subject. The username in the subject or the attachment title should be a warning for you. A blank Subject is a sign of malware, too.
3. Urgency. Fake emails have an “act now” message to make you open a file or follow a URL immediately. But a legitimate source has no good reason to require you to open an attachment, or they could inform you in the email body.
4. Attachment verification. When an email asks you to confirm, check, review or give personal details using an attachment, give it the benefit of the doubt. A malicious file may be inside.
5. Suspicious files. Got an unexpected attachment with weird extensions? It may be malware. Watch out for double extensions, too. Legit companies rather redirect you to their websites where you can download files safely.
6. Generic salutations. Real companies try to address you with your name, but a generic phrase such as  “Dear valued customer” is a phishing attack.
7. Hover Over the Link. Hover over a URL, but don’t click it. There will be a link that you are directed to. Something is definitely wrong here if it doesn’t match the expected URL.

How to Check an Email for Viruses?

Once an email gets your attention, the next step is to check it for viruses.  Let’s find out whether a link or attachment it goes with is malicious. 

1. Use a Link Scanner

There are plenty of solutions that can scan URLs. URLVoid, ScanURL, and Norton SafeWeb analyze links for any security issues. With the tools’ help, you find out what websites are safe before following a link. You can also view proof of safety validation if you plan to shop online. 

2. Use antivirus for attachments

Many antivirus software is capable of scanning attachments in your desktop email clients. 

3. Use a sandbox

Run an untrusted file in a malware sandbox. It’s a safe solution to execute a file or link in a virtual environment and monitor the object’s behavior. You get results in seconds, so you know what malware was in the email, what it is supposed to do and what it connects with, etc. 

How to use a Sandbox for Viruses?

The interactive sandbox ANY.RUN pretends to be a real computer and tricks malicious programs – making them act. The simulation runs in real-time, and you can drag a mouse, tap keys, enter data, and start a program. And all of this is safe for your computer, and you will see what an email would do. Let’s take a look at one case. 

Besides detecting malware, you can see what data and where stolen information is supposed to go. For example, this email asks us to fill in the form. But the attachment from the following example directs a user to the unknown site, not the Microsoft one as we hope: hxxps://accessinstallations[.]com/wp-admin/css/colors/coffee/service/log.php.

And if you click on the content, you can see that the email address and password would have been sent to criminals. Thankfully, the sandbox keeps all your data safe. 

General Safety Tips for Avoiding Suspicious Links

Many cyber threats are awaiting in the inbox. Protection from phishing attacks is a task not only for the tools but also for you. Any user should be on the lookout. Two-factor authentication, frequently changing passwords, and cybersecurity awareness should be a part of your everyday life. 

Update antivirus software and all systems regularly. Pay attention to the senders of emails you get.  Check if there are any spelling mistakes in domain names or the body of the message.

And, of course, don’t click on suspicious links or attachments. Carefully examine what you are dealing with and check it with several tools. You will spend several minutes and will be sure of your safety. 

Do you think you can identify phishing? You can practice and take different tests to prepare for an actual attack. Check it out: 

• ANY.RUN – Phishing & Malware hunting with live access
• OnGuard Online – “Phishing Scams: Avoid the Bait“
• Dell SonicWALL “Phishing IQ Test”
• OpenDNS “Phishing Quiz“