What is malware in email?

Still have a question, spotted an error, or have a better explanation or a source we should cite?

Email is the most common initial access point for malware attacks. More common than web browsing, social engineering, or compromised credentials. Attackers target email because it's a direct line to humans who can be convinced to click things.

Malware delivered through email comes in a few forms:

Malicious attachments. A PDF, Word document, or ZIP file that contains or executes malicious code when opened. The attacker convinces you to open it with a convincing story. An invoice, a shipping notification, a contract. Macros in Office documents are a particularly common delivery mechanism.

Malicious links. The email looks clean but contains a link to a page that either downloads malware directly or exploits browser vulnerabilities to install it automatically (a drive-by download). Sometimes the link looks legitimate. A Google Doc, a Dropbox file, a convincing but fake login page.

Embedded exploits. Rare, but some malware targets vulnerabilities in the email client itself. An email containing specially crafted HTML or image data can exploit a parsing bug in the email renderer. These are typically patched quickly but can be significant in the window between discovery and patching.

Common malware types you'll see in the wild via email: ransomware (encrypts your files and demands payment), trojans (backdoors that give attackers persistent access), info stealers (harvest saved passwords, cookies, and credit card data), and worms (self-spread by emailing your contacts).

The defense against malware-in-email isn't just antivirus. It's training your team to recognize phishing, keeping software updated, and using email security gateways that scan attachments and links before delivery. If you're concerned about email-based threats in your organization, our SOS line can help you think through a security review.

Contributors

Who worked on this answer

Every name links to their profile. Every company links to their site. Real people, real accountability.

Ask an AI · tailored to your setup

Get clear examples of real email malware attacks.

I need to explain email malware risks to my team and set up better defenses. Our current setup: [describe your email platform, whether you have a mail security gateway, and what security training you currently do]. What are the highest-risk malware delivery scenarios for our specific situation, and what should we prioritize implementing first?

Edit the yellow boxes, then send to the AI of your choice.