Proton
how to check email attachment is safe

Email attachments may contain malware that criminals trick you into downloading, often leading to identity theft, credit card fraud, or other cybercrime. Here’s how to check if an attachment is safe.

In 2022, over 300,000 people in the US lost more than $50 million(new window) from phishing attacks. And sending you fake email attachments is one way fraudsters can trick you.

We explain the risks of different email attachments and how to tell when they’re safe to open.

Why are email attachments dangerous?
Which email attachments are generally safe to open?
Which attachments are less safe to open?
How to check if an attachment is safe to open
1. Check the sender is genuine
2. Never open suspicious attachments
3. Don’t open attachments marked as spam
4. Check the filename and file type
5. Keep your antivirus and OS updated
6. Use secure file sharing
7. Get email that checks for threats
Stay secure against attachments

Get Proton Mail

Why are email attachments dangerous?

Scammers use malicious attachments or links to trick and defraud their victims in phishing emails. While opening a phishing email is generally not dangerous, responding to the message can be devastating. 

Simply clicking on an attachment can run malicious code that compromises the security of your device, often exploiting vulnerabilities in software. If you download and open the attachment, you could automatically install malware(new window) like the following:

  • Trojans (Trojan horses) may look like legitimate software, but once opened, they can take control of your device or spy on you.
  • Viruses can replicate themselves and spread between devices and through networks, causing damage or stealing personal data.
  • Ransomware may encrypt or otherwise lock your device and demand a ransom to unlock it.
  • Spyware infects your computer or phone and monitors your activity, logging keystrokes and confidential data like usernames and passwords.

Once the malware is downloaded, fraudsters can use it to steal your personal details for identity theft(new window), clean out your bank account, or lock your device and demand a ransom.

Which email attachments are generally safe to open?

Before you click, download, or open any attachment, always check the message is from a trusted source. That’s because all files can contain malicious code or malware.

However, some files are less likely to be harmful than others. You can tell whether an attachment is likely safe by checking what type of file it is.

To find the file type, check the filename extension(new window) the three- or four-letter suffix after the period, like document.doc or image.jpeg.

Here are some file types which are usually safe to open:

  • Image files like .jpeg, .png, .gif, etc.
  • Audio files like .mp3, .m4A, .wav, etc. 
  • Video files like .mp4, .mov, .avi, etc.

However, even these files can be harmful. Using a technique called steganography(new window), malware authors have hidden malicious code in image and audio files(new window), too.

Similarly, plain text files (.txt) can contain malicious scripts. But this code can’t be executed on its own, so .txt files aren’t usually dangerous.

Still, you need to watch out for double extensions. Malicious actors may create a filename like cash-for-you.txt.exe to trick you into thinking it’s a safe plain text file. Remember that only the last extension determines the file type, in this case, .exe, which could be dangerous.

Which attachments are less safe to open?

Here are some file types commonly used by scammers to hide their malware:

  • Executable files like .exe and .msi: These can run or install software, including malware.
  • Archive files like .zip and .rar: Used to compress and package multiple files, these types of files can also hide malicious scripts.
  • Document files like .pdf and .rtf and especially Microsoft Office files like Word (.doc, .docx) and Excel (.xls, .xlsx): Be particularly careful with Office files containing macros (like .docm and .xlsm), which can be malicious.
  • Batch or script files like .bat, .cmd, or .sh: These contain commands that will be run on your device when you open them.
  • Disk image files like .img, .iso, or .dmg: These are used to copy disks and distribute software, including malware.
  • JavaScript files (.js): These files contain code used to create interactive web pages but can also be used to run malicious scripts.

Of course, these are common file types, and far from all attachments of this kind will be malicious. That’s why you need to carefully check each attachment you receive before opening it.

How to check if an email attachment is safe to open

Before you open any email attachment, check the message and the attachment for signs of phishing. Here are the main red flags to look out for:

1. Check the sender is genuine

Never open an email attachment unless you’re 100% sure it’s from a trusted source.

Remember that hackers can spoof emails to appear like they’re from someone you know, like a friend or co-worker. If in doubt, call or text the sender to confirm.

Get Proton Mail, which uses digital signatures to verify the sender in end-to-end encrypted emails. A blue lock confirms that the message is from the sender and hasn’t been tampered with. 

Blue lock icon confirming that the message is from the sender

Moreover, Proton Mail warns you if an email shows signs of being spoofed.

Proton Mail domain authentication warning saying that the email may be spoofed so any attachment may not be safe

If you have a custom email address (@yourdomain.com), Proton Mail has custom domain anti-spoofing to stop scammers from using your domain to spread spam or phishing emails.

Get Proton Mail free button

2. Never open suspicious attachments

Beware of suspicious emails with urgent or unexpected requests, threats, prizes, or attachments. If you get a message with a “receipt” attached for something you haven’t bought, don’t download or open it. 

In short, if you spot any signs of phishing, don’t download or open the attachment.

3. Don’t open attachments marked as spam

Don’t download or open any attachments if your email provider has flagged the message as spam. Proton Mail has smart spam detection that automatically filters spam into your spam folder.

Proton Mail further protects you with PhishGuard, which flags suspected phishing emails with a red banner.

Proton Mail banner flagging the email as a phishing attempt, so any attachment may not be safe

4. Check the filename and file type

Take a close look at any attachments you receive. First, does the attached file fit the context of the message? Are you expecting “Miami vacation photos” from your friend Emma?

Attachment example showing the filename and .zip file extension

Second, check the file extension. This is a .zip file, a file type commonly used in phishing attacks, so double-check it’s from Emma before opening it.

And watch out for double file extensions like Miami vacation photos.txt.zip. Only the last file extension counts (here .zip), so don’t be fooled by the less dangerous-looking “txt” part of the filename. 

5. Keep your antivirus and OS updated

Make sure you install reputable antivirus or internet security software and keep it up to date. Antivirus software can:

  • Scan all files that you download, including emails attachments from webmail
  • Check email attachments for malware if you’re using a desktop email client
  • Make regular scans of your device for malware in case your device becomes infected

Remember that malware can exploit security vulnerabilities in software too. So keep your operating system, browser, and other apps updated to the latest versions with security patches.

6. Use secure file sharing

One way to avoid the risk of email attachments is to avoid using them altogether.

Get Proton Drive secure cloud storage and share end-to-end encrypted files with anyone using a secure link. That way, you can send files of any size to friends, family, or co-workers without worrying about attachments.

7. Get email that checks for threats

Many email providers, including Gmail, check attachments for viruses and malware, catching malicious files before they reach your mailbox. But often this means giving up your privacy as email services scan the contents of your communications.

Choose a private email service you can trust to keep you safe and your messages private.

Stay secure against attachments

Email attachments are one of the main ways fraudsters deliver malware, so beware of any attached files. By following the tips above, you can significantly reduce the risk of harm from malicious downloads.

But it’s easy to click by mistake, and we need all the help we can get to fight scams. We’ve designed Proton Mail to give you robust protection against malicious emails and attachments while keeping your communications private.

With Proton Mail, you get:

Proton Mail also includes Proton VPN(new window) and end-to-end encrypted Proton Calendar and Proton Drive, so you can share files securely without sending attachments.

In short, beware of attachments, get Proton Mail free, and stay secure!

Related articles

The cover image for a Proton Pass blog comparing SAML and OAuth as protocols for business protection
en
SAML and OAuth help your workers access your network securely, but what's the difference? Here's what you need to know.
Proton Lifetime Fundraiser 7th edition
en
Learn how to join our 2024 Lifetime Account Charity Fundraiser, your chance to win our most exclusive plan and fight for a better internet.
The cover image for a Proton Pass blog about zero trust security showing a dial marked 'zero trust' turned all the way to the right
en
Cybersecurity for businesses is harder than ever: find out how zero trust security can prevent data breaches within your business.
How to protect your inbox from an email extractor
en
  • Guias de privacidade
Learn how an email extractor works, why your email address is valuable, how to protect your inbox, and what to do if your email address is exposed.
How to whitelist an email address and keep important messages in your inbox
en
Find out what email whitelisting is, why it’s useful, how to whitelist email addresses on different platforms, and how Proton Mail can help.
The cover image for Proton blog about cyberthreats businesses will face in 2025, showing a webpage, a mask, and an error message hanging on a fishing hook
en
Thousands of businesses of all sizes were impacted by cybercrime in 2024. Here are the top cybersecurity threats we expect companies to face in 2025—and how Proton Pass can protect your business.