How To Spot A Dangerous Email Attachment

Emails can be dangerous. Reading the contents of an email should be safe if you have the latest security patches, but email attachments can be harmful. Any type of file can be attached to an email, including .exe program files. Many email servers will perform virus scanning and remove potentially dangerous attachments, but you can’t rely on this. Look for the common warning signs so you can avoid viruses, worms, and Trojans.

So-called “spear-phishing campaigns” that go after high-value corporate and government targets have used email attachments to take advantage of previously unknown security vulnerabilities. Email attachments can be dangerous to anyone.

Dangerous File Extensions

The easiest way to identify whether a file is dangerous is by its file extension, which tells you the type of file it is. For example, a file with the .exe file extension is a Windows program and should not be opened. Many email services will block such attachments.

However, .exe isn’t the only type of dangerous file extension. Other potentially dangerous file extensions that can run code include: .msi, .bat, .com, .cmd, .hta, .scr, .pif, .reg, .js, .vbs, .wsf, .cpl, .jar and more. This is not an exhaustive list — there are many different file extensions in Windows that will run code on your computer when executed.

Office files with macros are also potentially dangerous. If an Office document extension ends with an m, it can — and probably does — contain macros. For example, .docx, .xlsx, and .pptx should be safe, while .docm, .xlsm, and .pptm can contain macros and can be harmful. Of course, some businesses use macro-enabled documents. You’ll have to exercise your own judgment.

In general, you should only open attachments with file extensions that you know are safe. For example, .jpg and .png are image files and should be safe. .pdf, .docx, .xlsx, and .pptx are document files and should also be safe — although it’s important to have the latest security patches so malicious types of these files can’t infect you via security holes in Adobe Reader or Microsoft Office.

Archives, Especially Encrypted Ones

In an attempt to make it around email filters, someone may email you malicious file attachments in an archive — especially an encrypted one. For example, you may receive an email with a .zip, .rar, or .7z file and its password. You’d need to download the archive file and extract its contents with the password to access them.

The password-protection — or encryption — on the archive prevents email scanners and antivirus programs from examining it, so it’s very possible that the archive could contain malware. Of course, password-protected archives are also an effective way to email sensitive files. You’ll have to use your judgment once again.
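The extension and archive checks described above can be automated on a saved message. The following Python sketch is an added example, not code from the original article: it judges each attachment by its final extension (so a name like invoice.pdf.exe counts as .exe) and reports ZIP members that are flagged as encrypted. The function names, verdict strings and sample message are assumptions made for illustration, and the extension sets are the ones listed in this article.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extension lists taken from the article text (it notes they are not exhaustive).
RUNS_CODE = {".exe", ".msi", ".bat", ".com", ".cmd", ".hta", ".scr", ".pif",
             ".reg", ".js", ".vbs", ".wsf", ".cpl", ".jar"}
MACRO_OFFICE = {".docm", ".xlsm", ".pptm"}
ARCHIVES = {".zip", ".rar", ".7z"}

def classify_name(name):
    """Judge a filename by its final extension only, so 'a.pdf.exe' counts as .exe."""
    ext = os.path.splitext(name.rstrip(". "))[1].lower()  # Windows drops trailing dots/spaces
    if ext in RUNS_CODE:
        return "block: runs code"
    if ext in MACRO_OFFICE:
        return "review: may contain macros"
    if ext in ARCHIVES:
        return "review: archive"
    return "no rule matched"

def zip_findings(data):
    """List encrypted members and code-running member names (names usually stay readable)."""
    notes = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.flag_bits & 0x1:  # general-purpose flag bit 0 marks an encrypted member
                notes.append(f"{info.filename}: encrypted, contents cannot be scanned")
            if classify_name(info.filename).startswith("block"):
                notes.append(f"{info.filename}: block: runs code")
    return notes

def triage(raw):
    """Map each attachment name in a raw email message to its list of findings."""
    msg = message_from_bytes(raw, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        notes = [classify_name(name)]
        if name.lower().endswith(".zip"):
            notes += zip_findings(part.get_content())
        report[name] = notes
    return report

def build_sample():
    """Constructed test message; the ZIP member is only flagged as encrypted, not really encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(zipfile.ZipInfo("statement.scr"), b"placeholder bytes")
    data = bytearray(buf.getvalue())
    data[data.find(b"PK\x01\x02") + 8] |= 0x01  # set bit 0 in the central directory entry
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("Files attached.")
    for name, body in [("budget.xlsm", b"x"), ("invoice.pdf.exe", b"x"), ("docs.zip", bytes(data))]:
        msg.add_attachment(body, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, notes in triage(build_sample()).items():
        print(name, "->", "; ".join(notes))
```

A "no rule matched" result only means the name is not on these lists; as the article says, the lists are not exhaustive and the verdict is not proof that a file is safe.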


The Sender

Looking at who an email was sent by can help you identify whether an email attachment is malicious or not. Beware: an attachment can be malicious even if you know the sender! If they’ve become infected, a malware program may send you emails from their email address, disguised as emails they’d send.

If you get an email from someone you don’t know with a questionable-looking attachment, it’s probably malware. If you receive a macro-enabled Office document from someone you’re not expecting one from, exercise extreme caution.

On the other hand, if your boss tells you in person that she’ll email you a macro-enabled Excel spreadsheet and you get an email from her with an .xlsm file later that day, the attachment is probably safe.

If you’re not sure whether someone sent you a suspicious-looking email attachment, you may want to give them a phone call or ask them in person. If they didn’t send the attachment, they’ll appreciate the warning that their computer is infected or their email address has been hijacked.

The Email Itself

The email’s contents can also offer clues. If you get an email from someone you know and something seems a bit off, it may be written by malware or a hijacker. Such emails could also be phishing emails without any dangerous attachments — for example, if you get an email from someone you know saying they’re trapped and need you to wire some money with Western Union, this could easily be a phishing scam.

If you get an email from FedEx or UPS and it asks you to download an email attachment and run it, that’s another red flag. Legitimate businesses will never ask you to download and run programs attached to an email.


Antivirus Alerts

If you’re using a webmail service like Gmail or Yahoo! Mail, your webmail service will automatically scan incoming attachments for malware and inform you if the attachments are dangerous. Of course, if you see a warning that an attachment is malicious, you should not download it! The text of the email may ask you to ignore any problems and assure you that the attachment is actually fine, but this would likely be a trick.

If you download an email attachment and your desktop antivirus program flags it, stop right there. Don’t click through the warning and run it anyway — trust your antivirus program more than the email attachment.

Bear in mind that antivirus programs aren’t perfect. They’ll miss things occasionally, so you can’t only rely on your antivirus. An attachment could be dangerous even if no antivirus flags it.

Have a Healthy Suspicion

When it comes to email attachments, you should exercise extreme caution and assume the worst. Don’t actually download or run an attachment unless you have a good reason to do so. If you’re not expecting an attachment, treat it with healthy suspicion. If it’s an image attachment, that’s probably okay. PDFs should be okay if you have the latest security patches, too. But if you’re not sure what something is, you shouldn’t run it.

Your webmail client’s preview features can also help. You can preview PDF files, documents, images, and other types of files in your browser without actually downloading them to your computer.


Do you have any other tips for dodging dangerous email attachments? Leave a comment below!

Image Credit: Mark on Flickr


  1. Queazy Soporiphic
    February 18, 2014 at 12:54 am

    I just tried to download malware from a link on this page. Then I opened a new page and googled the malware removal tool to download from there. In both cases the download file is an .exe which we are told not to trust.

    Am I right in not downloading because it is an .exe?
    I am not well informed on these things but am trying to remedy that and I have spotted scams etc before and acted defensively or reported them to appropriate bodies.

  2. Alisha
    February 10, 2014 at 11:21 am

    Good Information. Thanks for sharing.

      June 29, 2016 at 10:52 pm

      Hi - who are the 'appropriate bodies' ? - I received a very questionable email from the "FBI" and I don't know who to send it to - thanks for sharing, monica

  3. Steph
    February 4, 2014 at 11:55 pm

    Rules I live by:

    If I don't know the sender - bin it.
    If I get an email from a sender that I am not expecting - e.g. flight confirmations when you haven't booked a flight recently - bin it.
    Always check the sender's address in the header - emails purporting to be from 'QANTAS' but with a return address of @bigpond or an equally vague address get binned.
    Never ever ever ever open .zip type attachments without checking one way or the other. i.e. if you know the sender ring them, if you don't know the sender bin it.
    If there is poor spelling & or grammar in the subject, sender fields or body of the email (that can't be explained by simple typos) bin it.
    Habitually block senders that send malicious emails. I have found that with some virus & emails programs they learn as you go so if you block all those 'Hi. I'm in town would you like to meet for a coffee' emails they all eventually get rejected from your server.
    Just deleting an email doesn't make it go away. It will sit in your Deleted items folder, junk mail folder or similar. Empty these folders frequently to permanently delete items.

    I know there have been a few times where I have binned stuff that I shouldn't have but people have now learnt that if they are going to send me a file they need to let me know first. As much as a pain this has been I have also only had about 2 virus or malware infections in the last 10 years.

  4. Carolyn B
    February 4, 2014 at 2:25 am


  5. Tatyana Istomina 0099 T,Th
    January 26, 2014 at 11:45 pm

    I am glad I read this article, I will be more careful when downloading files that somebody sent me and will make sure the name extension does not contain anything suspicious. Also I will look at the sender's name.

  6. Rakesh Mondal
    January 24, 2014 at 11:55 am

    Thank you very informative.

  7. GP
    January 22, 2014 at 10:31 am

    Not really in to this kind of thing. Rely on another. So would have liked a print version of this article to refer back to it later. This looks as if it will take several pages of paper. Off to go and find out how many.

    • BKL
      January 27, 2014 at 7:09 pm

      If you print as is, it will come to 5 pages. If you copy & paste it into Word, you can scale it down to 3 or even 2, depending on the font size.

  8. susan
    January 22, 2014 at 3:12 am

    You can't trust any attachment, even if it is a .doc, a pdf or a .jpg because nowadays the attackers are changing the extension. So they send you something that LOOKS as if it is a PDF, when it is really a .exe.

  9. Tom W.
    January 21, 2014 at 10:15 pm

    Beware of this type of file:
    anyvideo.avi .exe

    I got a couple of these recently: supposedly safe file extension followed by about 50 spaces then .exe. Turned out to be a nasty virus. I should have noticed that the small icon to the left of the filename was not a video icon supplied by my default video viewer TLC.

  10. Godel
    January 21, 2014 at 9:54 pm

    You can also download, open and test files in a sandbox using Sandboxie, making it less likely for noxious files to escape. If you don't need all the corporate level bells and whistles of Adobe Reader, one of the alternative PDF readers may be safer. I use the basic but effective Sumatra, but I used to use Foxit Reader with JavaScript etc turned off.

  11. dragonmouth
    January 21, 2014 at 7:57 pm

    Rule #1 with any email should be "Know your sender!" This is especially important to the social media addicts who "friend" everybody listed in the Manhattan and/or Los Angeles phone books.

    • John G
      January 26, 2014 at 7:24 pm

      You just said a cottonpickin' mouthful! I'd venture to say at least 50% of this problem would be eradicated if people would just think about who sent the darn thing before they blithely go about opening it. I make purchases from Amazon, etc., all the time but I know better than to just open something from "UPS" just because that's who it says it's from.

      People nowadays are so seldom "in the moment". They're always in a hurry and don't often think about what they're doing.

  12. Jenni
    January 21, 2014 at 7:26 pm

    Excellent article thank you. I'll be referring my students to this one.

  13. malcolm
    January 21, 2014 at 6:07 pm

    I use Mailwasher Pro to read and assess every unexpected incoming email while it is still on the server--and delete it before downloading the rest. The actual delete is delayed because the suspect email is put into quarantine on the server and is listed for a while in Mailwasher's "Recycle Bin." So you can recover rejected mail if you realize you made a mistake. It gets permanently deleted later. I also use Spybot and Malwarebytes and Windows Firewall. I uninstalled Zone Alarm when it wanted to run my life.

  14. kj
    January 21, 2014 at 5:27 pm

    Thank you for this article! Typically if I don't recognize a sender I don't bother regardless but sometimes something is questionable and I'm grateful for the information provided in this article as I'm not a mega-wiz with all this ... Very helpful thanks again!


  15. N Fiorito
    January 21, 2014 at 5:24 pm

    One item that I didn't see in your article was the issue of links contained in the email body. Sometimes the link looks to be for a legitimate site or other friendly titles when in fact they are not. If you run your mouse over the link the actual URL of the site will appear in the status bar. This will give you a clue on whether the email/link is legit or not. I would not count on this exclusively but this along with the other items in your article will help to determine if an email is legit or not.

    • Steve
      January 22, 2014 at 9:01 am

      Very good point to note, thanks. The displayed link can be easily disguised but the url in the status bar will tell you.

  16. wec
    January 21, 2014 at 5:18 pm

    The title should be changed: How To Spot A Dangerous Email Attachment on Windows

    • dragonmouth
      January 21, 2014 at 7:52 pm

      Since MUO is a Windows-centric site, whenever the O/S is not specified, you can safely assume that it is Windows. However, the advice in the article applies to ALL O/Ss. Just because you are running Linux or even BSD does not mean that you can open up emails and attachments willy-nilly.

    • Todd H
      January 23, 2014 at 1:08 am

      It would show a total lack of common sense and lack of technical know how to assume that only the Windows OS can get a virus from E-mail. Your cell phone isn't even safe from Viruses. Linux and iOS can get just as many infections as Windows if you lull yourself into a false (If not fantasy) sense of security just because it doesn't have Microsoft written on it.

  17. Concerned Person
    January 21, 2014 at 4:41 pm

    The statement "Your webmail client’s preview features can also help. You can preview PDF files, documents, images, and other types of files in your browser without actually downloading them to your computer" is incorrect. Everything you see on a browser screen has already been downloaded to your computer; that is why many email clients do not download images and attachments by default. Your browser and to the same extent email clients are not a window to content elsewhere on the internet; unless the item shown is a placeholder it is content already obtained from the internet or elsewhere on your local network.

  18. Steve Tanner
    January 21, 2014 at 3:55 pm

    Beware of the "Sender" field. Sometimes they look legit but your mail client can sometimes show the "Reply-To" which has been configured to fool you. If in doubt, check the HEADER and then you will see where it truly came from.

    • Leah Foley
      February 2, 2014 at 8:29 am

      Exactamente', Steve Tanner, and a rule that I now never, ever break. I started checking headers, just for fun (I'm one of those curious cat kind of creatures of the world) and was absolutely shocked by the amount of emails where the real senders were covered by some bogus address. I mean, "frequently" would be a huge understatement. I've also learned the value of right-clicking (I use Firefox) for further satisfying my urge to detect, exactly what the nature of that content is made of, and who made it and why. I have caught many a phishing scam and worse, and some that have been downright creepy in nature. Even if you're not a "love to snoop" person, like me, you might find yourself turning into one when you see the likes of what kind of "people" are sending you content and just how nasty that content can get, and often, sadly, is. Take a minute or two. It's worth it. Having my nice, new laptop given to me as a Mama's Day gift by my kids, fried to bits by sloppy habits I no longer have, was enough to make me not even consider opening mail without a thorough check-up, first. Easier, and safer, to toss, not loss. Ty to all, for your most excellent advisement.

  19. Rob H
    January 21, 2014 at 3:19 pm

    I read somewhere last year that one trick is to use backspace characters to hide the malicious filetype so the attachment may look like file.pdf but is actually file.pdf.exe**** where the **** is 4 backspace characters which have the effect of hiding .exe so you click expecting to get a PDF but actually you started a program file running.

    I don't think it's easy to do this in a normal email program and hopefully your email service provider, your email client program or your security software will spot the subterfuge.

    Nevertheless it reinforces the advice - don't open unexpected attachments whoever they come from and regardless of how tempting they may seem.

  20. Bobby L
    January 20, 2014 at 9:32 pm

    Also if you right click the attachment you have the option to scan the document with your own anti virus software, and it should tell you if it's safe.

    • Laurel N
      January 20, 2014 at 10:16 pm

      Yes. I like to save ANY attachment, and scan not only w/ a/v, but also with anti-malware. (Spybot and malwarebytes both offer right-click malware scanning in their free versions.) Scan a zip file BEFORE unzipping, and also scan the individual files AFTER unzipping. Remember, scan twice; open once.