ProtonBlog(new window)
how to check email attachment is safe

7 tips to check if an email attachment is safe

Share this page

Email attachments may contain malware that criminals trick you into downloading, often leading to identity theft, credit card fraud, or other cybercrime. Here’s how to check if an attachment is safe.

In 2022, over 300,000 people in the US lost more than $50 million(new window) from phishing attacks(new window). And sending you fake email attachments is one way fraudsters can trick you.

We explain the risks of different email attachments and how to tell when they’re safe to open.

Why are email attachments dangerous?
Which email attachments are generally safe to open?
Which attachments are less safe to open?
How to check if an attachment is safe to open
1. Check the sender is genuine
2. Never open suspicious attachments
3. Don’t open attachments marked as spam
4. Check the filename and file type
5. Keep your antivirus and OS updated
6. Use secure file sharing
7. Get email that checks for threats
Stay secure against attachments

Get Proton Mail

Why are email attachments dangerous?

Scammers use malicious attachments or links to trick and defraud their victims in phishing emails(new window). While opening a phishing email is generally not dangerous, responding to the message can be devastating. 

Simply clicking on an attachment can run malicious code that compromises the security of your device, often exploiting vulnerabilities in software. If you download and open the attachment, you could automatically install malware(new window) like the following:

  • Trojans (Trojan horses) may look like legitimate software, but once opened, they can take control of your device or spy on you.
  • Viruses can replicate themselves and spread between devices and through networks, causing damage or stealing personal data.
  • Ransomware may encrypt or otherwise lock your device and demand a ransom to unlock it.
  • Spyware infects your computer or phone and monitors your activity, logging keystrokes and confidential data like usernames and passwords.

Once the malware is downloaded, fraudsters can use it to steal your personal details for identity theft(new window), clean out your bank account, or lock your device and demand a ransom.

Which email attachments are generally safe to open?

Before you click, download, or open any attachment, always check the message is from a trusted source. That’s because all files can contain malicious code or malware.

However, some files are less likely to be harmful than others. You can tell whether an attachment is likely safe by checking what type of file it is.

To find the file type, check the filename extension(new window) the three- or four-letter suffix after the period, like document.doc or image.jpeg.

Here are some file types which are usually safe to open:

  • Image files like .jpeg, .png, .gif, etc.
  • Audio files like .mp3, .m4A, .wav, etc. 
  • Video files like .mp4, .mov, .avi, etc.

However, even these files can be harmful. Using a technique called steganography(new window), malware authors have hidden malicious code in image and audio files(new window), too.

Similarly, plain text files (.txt) can contain malicious scripts. But this code can’t be executed on its own, so .txt files aren’t usually dangerous.

Still, you need to watch out for double extensions. Malicious actors may create a filename like cash-for-you.txt.exe to trick you into thinking it’s a safe plain text file. Remember that only the last extension determines the file type, in this case, .exe, which could be dangerous.

Which attachments are less safe to open?

Here are some file types commonly used by scammers to hide their malware:

  • Executable files like .exe and .msi: These can run or install software, including malware.
  • Archive files like .zip and .rar: Used to compress and package multiple files, these types of files can also hide malicious scripts.
  • Document files like .pdf and .rtf and especially Microsoft Office files like Word (.doc, .docx) and Excel (.xls, .xlsx): Be particularly careful with Office files containing macros (like .docm and .xlsm), which can be malicious.
  • Batch or script files like .bat, .cmd, or .sh: These contain commands that will be run on your device when you open them.
  • Disk image files like .img, .iso, or .dmg: These are used to copy disks and distribute software, including malware.
  • JavaScript files (.js): These files contain code used to create interactive web pages but can also be used to run malicious scripts.

Of course, these are common file types, and far from all attachments of this kind will be malicious. That’s why you need to carefully check each attachment you receive before opening it.

How to check if an email attachment is safe to open

Before you open any email attachment, check the message and the attachment for signs of phishing(new window). Here are the main red flags to look out for:

1. Check the sender is genuine

Never open an email attachment unless you’re 100% sure it’s from a trusted source.

Remember that hackers can spoof emails(new window) to appear like they’re from someone you know, like a friend or co-worker. If in doubt, call or text the sender to confirm.

Get Proton Mail, which uses digital signatures(new window) to verify the sender in end-to-end encrypted emails. A blue lock confirms that the message is from the sender and hasn’t been tampered with. 

Blue lock icon confirming that the message is from the sender

Moreover, Proton Mail warns you if an email shows signs of being spoofed(new window).

Proton Mail domain authentication warning saying that the email may be spoofed so any attachment may not be safe

If you have a custom email address (, Proton Mail has custom domain anti-spoofing to stop scammers from using your domain to spread spam(new window) or phishing emails.

Get Proton Mail free button

2. Never open suspicious attachments

Beware of suspicious emails with urgent or unexpected requests, threats, prizes, or attachments. If you get a message with a “receipt” attached for something you haven’t bought, don’t download or open it. 

In short, if you spot any signs of phishing(new window), don’t download or open the attachment.

3. Don’t open attachments marked as spam

Don’t download or open any attachments if your email provider has flagged the message as spam. Proton Mail has smart spam detection that automatically filters spam into your spam folder.

Proton Mail further protects you with PhishGuard, which flags suspected phishing emails with a red banner.

Proton Mail banner flagging the email as a phishing attempt, so any attachment may not be safe

4. Check the filename and file type

Take a close look at any attachments you receive. First, does the attached file fit the context of the message? Are you expecting “Miami vacation photos” from your friend Emma?

Attachment example showing the filename and .zip file extension

Second, check the file extension. This is a .zip file, a file type commonly used in phishing attacks, so double-check it’s from Emma before opening it.

And watch out for double file extensions like Miami vacation Only the last file extension counts (here .zip), so don’t be fooled by the less dangerous-looking “txt” part of the filename. 

5. Keep your antivirus and OS updated

Make sure you install reputable antivirus or internet security software and keep it up to date. Antivirus software can:

  • Scan all files that you download, including emails attachments from webmail
  • Check email attachments for malware if you’re using a desktop email client
  • Make regular scans of your device for malware in case your device becomes infected

Remember that malware can exploit security vulnerabilities in software too. So keep your operating system, browser, and other apps updated to the latest versions with security patches.

6. Use secure file sharing

One way to avoid the risk of email attachments is to avoid using them altogether.

Get Proton Drive secure cloud storage and share end-to-end encrypted files with anyone using a secure link. That way, you can send files of any size to friends, family, or co-workers without worrying about attachments.

7. Get email that checks for threats

Many email providers, including Gmail, check attachments for viruses and malware, catching malicious files before they reach your mailbox. But often this means giving up your privacy as email services scan the contents of your communications.

Choose a private email service you can trust to keep you safe and your messages private.

Stay secure against attachments

Email attachments are one of the main ways fraudsters deliver malware, so beware of any attached files. By following the tips above, you can significantly reduce the risk of harm from malicious downloads.

But it’s easy to click by mistake, and we need all the help we can get to fight scams. We’ve designed Proton Mail to give you robust protection against malicious emails and attachments while keeping your communications private.

With Proton Mail, you get:

Proton Mail also includes Proton VPN(new window) and end-to-end encrypted Proton Calendar and Proton Drive, so you can share files securely without sending attachments.

In short, beware of attachments, get Proton Mail free, and stay secure!

Protect your privacy with Proton
Create a free account

Share this page

Harry Bone(new window)

A long-standing privacy advocate, Harry worked as a translator and writer in a range of industries, including a stint in Moscow monitoring the Russian media for the BBC. He joined Proton to promote privacy, security, and freedom for everyone online.

Related articles

How to share a PDF
Sharing a PDF with coworkers, friends, or family members can sometimes be trickier than it seems if you’re trying to share a large file or if you want to use secure encryption. In this article, we show you how to share any PDF quickly, easily, and se
Proton Pass for Windows
Proton Pass is launching its new app for Windows, allowing you to access our password manager from your desktop. As one of our community’s most requested features, it’s available to everyone starting today. Proton Pass is the centerpiece of our effo
password policy
Businesses are increasingly dealing with the fallout from cybercrime: The number of attacks is on the rise and the damage done is growing exponentially. One of the most common vulnerabilities for organizations are their passwords. Since they are your
How to free up disk space
If you’ve ever owned an electronic device of any kind, you know the struggle of running out of space. No matter if it’s a smartphone, laptop, or desktop computer, there never seems to be enough room for all your files. Let’s show you some simple ways
What is 3-2-1 backup
Data backup is vital for businesses and individuals alike: In case something happens to your primary computer, you always have a copy of your data to fall back on.  How should you approach backup, though? The 3-2-1 rule can act as a guide when decid
What was your first pet’s name? In what city were you born?  We’ve all had to answer these questions to reset a long-forgotten password, but consider how that works. Much of this information is easy to find for others (or easily forgotten by you), m