Malicious Attachments

Should I Open This File?

A very common method of sharing files digitally is to attach them to email messages. Digital files, from PDF documents to executable programs, can be delivered via email. However, while this method of sending and receiving files is quick and convenient, it can also be very dangerous! Opening a malicious file attached to an email can result in malware being executed and installed on your system. Read this article to learn how to recognize and avoid malicious attachments!

Identifying a Malicious Email

Malicious attachments on their own can be difficult to spot, which is why you should consider the entire message. Here are a few questions to ask yourself.

  • Are these files unexpected?

  • Is the message from an unfamiliar source?

  • Does the message tell you to immediately open the files and threaten you with consequences if you don’t?

If you answered “yes” to any of these questions, the email may be a phishing attempt. In this case, you should report the message to phish@kent.edu for review. You can also read about even more red flags in email messages to look for! 

Recognizing Malicious Attachments

There are certain types of files with the following extensions that you should be very careful with when handling. A file’s extension is the section of its name that follows the last period (for example, in flash.txt, “txt” is the extension). Opening any of these types of files can immediately cause them to run malicious software (malware), which could damage your system. Some common extensions for malware include:

  • .exe (executable files on Windows systems)

  • .html, .htm, and .xhtml (web page documents)

  • .docm, .pptm, .xlsm (Microsoft Office files)

  • .zip (archives of compressed files that may be dangerous)

Many other files can contain malicious content as well, even if they don’t have dangerous code. These files may contain fake invoices or job offers, malicious links, or other fraudulent information. Opening such files will not damage your system, but clicking any of their contents may cause harm.

  • .pdf (digital documents)

  • .docx, .pptx, .xlsx (standard Microsoft Office files)

  • .png, .jpg (image files)

  • .mp3, .mp4, .wav (audio and video files)

In addition to this, some files may attempt to hide their true extensions. For example, a file called “invoice.pdf.exe” appears to contain two file extensions. Would this file be a PDF file, or perhaps an executable file? Remember, the actual file extension will always be provided after the last period in the file’s name. Therefore, “invoice.pdf.exe” is a potentially dangerous executable file. Never open such a file unless you absolutely trust the sender!     

Reporting Messages with Malicious Attachments

If you receive an email with an attached file that seems suspicious in any way, the safest thing to do is report the message to phish@kent.edu. Our team of trained analysts will determine whether the file is dangerous or not and give you advice on how best to proceed.

In general, if you have any doubts about the legitimacy of a file, do not open it yourself. Even opening the file briefly can be enough to execute malicious code on your system. This applies to any files you may encounter online, not just those delivered to you via email.

If you have already opened a suspicious file or suspect that your system has been infected with malware, please contact security@kent.edu for assistance. You can also take your device to the Tech Help center for additional support. Malware removal services are offered to all Kent State University students, staff, and faculty members. 

 

Phishing and Scams

Reporting Phish

Protect Yourself

School of Phish

© 2025 Kent State University All rights reserved.