Gmail security alerts on attachments
September 29, 2023 12:24 PM
My work uses Google Workspace to host our email. Some emails that come in have attachments flagged as “can’t be verified as safe”. How do I test if they are safe to open?
We’re hiring and have received a lot of applications with PDFs, as we are expecting. Less than half a dozen have been flagged with the alert message “Be careful with this message This message contains one or more attachments that can’t be verified as safe. Avoid downloading them unless you know the sender and are confident that this email is legitimate.” All attachments are PDFs and it appears some have links in them. They are not encrypted as best I can tell, no password required to preview. It would not be unreasonable to include links in the types of resumes and supplementary materials that we’re getting. Is there some wording in the cover letters or resumes that is suspect or could be read as phishing, so they are getting flagged?
Specific questions:
1. What does this mean/how likely is there an issue with any one file? Does can’t be verified mean it just hasn’t been scanned, or has been but there are red flags? Possibly relevant: the emails auto forward to my main email and when I read them on my main account, some of the files are NOT flagged that were in the secondary account, and vice versa - emails are flagged in my main account but not in the secondary where they were sent to by the original sender. Does it mean they are fine if they aren't getting flagged in one account, even if they do in a different account?
2. Can I save these files to our Google Drive without an issue? Will Google alert me if there’s a real problem with something? I know I can preview them but that doesn’t work for actually collecting the application materials in one place like we are doing. I’m not downloading them, just saving directly to Drive.
The sender domains range from gmail itself to major .edu domains to small domains I don’t recognize. Obviously I’m expecting emails with PDF attachments since we’re collecting applications, but these are all new-to-us contacts, it’s not like I am expecting a specific message from Jane Smith. I don't actually know any of these people or even if they are real people. I don’t want to eliminate possibly qualified candidates because of a Google problem, but even more I don’t want to get malware or a virus on my computer or my colleagues’ computers or in our Google Workspace drive. It seems unlikely these are phishing or virus attempts, but also not impossible given how easy it is to generate a resume on AI these days; of course someone could also have an infected computer and not know.
I’m using a Mac running Big Sur and don’t have other virus or malware software installed besides the scanners that come with MacOS but I’m happy to install some if needed. Other people here use Windows.
Please explain this like I’m 5, or maybe 75 would be more appropriate. We are a tiny organization so no IT team to ask. And please be kind! I realize this might be a dumb question BUT I cannot find a clear answer about what this alert actually means when I Google or any helpful advice on what to do.
We’re hiring and have received a lot of applications with PDFs, as we are expecting. Less than half a dozen have been flagged with the alert message “Be careful with this message This message contains one or more attachments that can’t be verified as safe. Avoid downloading them unless you know the sender and are confident that this email is legitimate.” All attachments are PDFs and it appears some have links in them. They are not encrypted as best I can tell, no password required to preview. It would not be unreasonable to include links in the types of resumes and supplementary materials that we’re getting. Is there some wording in the cover letters or resumes that is suspect or could be read as phishing, so they are getting flagged?
Specific questions:
1. What does this mean/how likely is there an issue with any one file? Does can’t be verified mean it just hasn’t been scanned, or has been but there are red flags? Possibly relevant: the emails auto forward to my main email and when I read them on my main account, some of the files are NOT flagged that were in the secondary account, and vice versa - emails are flagged in my main account but not in the secondary where they were sent to by the original sender. Does it mean they are fine if they aren't getting flagged in one account, even if they do in a different account?
2. Can I save these files to our Google Drive without an issue? Will Google alert me if there’s a real problem with something? I know I can preview them but that doesn’t work for actually collecting the application materials in one place like we are doing. I’m not downloading them, just saving directly to Drive.
The sender domains range from gmail itself to major .edu domains to small domains I don’t recognize. Obviously I’m expecting emails with PDF attachments since we’re collecting applications, but these are all new-to-us contacts, it’s not like I am expecting a specific message from Jane Smith. I don't actually know any of these people or even if they are real people. I don’t want to eliminate possibly qualified candidates because of a Google problem, but even more I don’t want to get malware or a virus on my computer or my colleagues’ computers or in our Google Workspace drive. It seems unlikely these are phishing or virus attempts, but also not impossible given how easy it is to generate a resume on AI these days; of course someone could also have an infected computer and not know.
I’m using a Mac running Big Sur and don’t have other virus or malware software installed besides the scanners that come with MacOS but I’m happy to install some if needed. Other people here use Windows.
Please explain this like I’m 5, or maybe 75 would be more appropriate. We are a tiny organization so no IT team to ask. And please be kind! I realize this might be a dumb question BUT I cannot find a clear answer about what this alert actually means when I Google or any helpful advice on what to do.
I've seen this warning for benign larger files, though usually the error message will specify that it's too large to be scanned, not that it couldn't be. If it's impossible or impractical to ask them to resend it, the files should be safe to download, but you should run them through VirusTotal or your virus/malware scanner of choice before opening them if you get a file like that.
As a note, malware scanners are not foolproof, not even Google's, and if you're receiving these files from the general public, you should probably open them on a computer that doesn't contain sensitive data and is not connected to sensitive systems even if they don't get flagged with a warning. If you have an IT department, you might want to contact them for specific guidance for your workplace.
posted by Aleyn at 2:21 PM on September 30, 2023
As a note, malware scanners are not foolproof, not even Google's, and if you're receiving these files from the general public, you should probably open them on a computer that doesn't contain sensitive data and is not connected to sensitive systems even if they don't get flagged with a warning. If you have an IT department, you might want to contact them for specific guidance for your workplace.
posted by Aleyn at 2:21 PM on September 30, 2023
Just noticed you mentioned not having an IT department, but I stand by the rest of my advice. Unfortunately, opening attachments from unknown senders is always higher-risk, so your wariness is warranted.
posted by Aleyn at 2:27 PM on September 30, 2023
posted by Aleyn at 2:27 PM on September 30, 2023
Thank you both, these are extremely helpful answers.
posted by john_snow at 6:24 AM on October 2, 2023
posted by john_snow at 6:24 AM on October 2, 2023
This thread is closed to new comments.
PDF is a wrapper format, not really a thing in and of itself, and as a result it is possible to put things into a PDF that are bad, including malware and links that point to phishing sites. It's done all the time.
It is quite reasonable to ask people to re-create or re-scan documents that fail that test and re-send them to you.
posted by mhoye at 1:50 PM on September 29, 2023