File Extension Names Will Set You Free!

[Do you get our weekly free newsletter with the latest scams and tips to stay safe? Sign up now and be smarter and safer using the Internet! ]

Every type of computer document is given a three or four letter file extension name, though these are not always visible to users. The extension name enables computers to recognize the file and know how to open it. Scammers send, or link to, malicious files that look like one file but are actually another type of file. You can greatly reduce your risk if you learn how to identify safe versus risky file extensions, or if you learn how the scammers use tricks to misidentify a file extension.

File extension codes always follow the name of the file and are separated from the file name by a single period. Here are some very familiar file extensions that most of us will recognize.

Filename.doc         Word document (earlier versions)
Filename.docx       Word document (later versions created in XML)
Filename.jpg          Photograph/image
Filename.pdf         PDF format (A document universally readable)
Filename.mp3       Digital audio file format
Filename.m4v       Apple video file format


Unfortunately, scammers often send malicious links or attached files that are harmful to us and our computers. Sometimes the scammers tell us the file or link is one thing when, in fact, it something entirely different!

If we learn to recognize and understand a few of the most important file extensions used by scammers to trick us, then we can spot some scams more easily and know when a link or attached file is most risky to click.

Here are the most commonly used file extensions by scammers and what to know about them:

 1. html (or htm)
Docusign pdfHtml or htm files (for example index.html) are web pages. This means when you click on any html or htm file, your computer will likely open up a web browser window (such as Safari, Internet Explorer, Chrome or Firefox) and display the web page you were sent. Web pages can contain instructions to pull content or files from anywhere in the world. This can be EXTREMELY risky because the web page may call for malicious content to be downloaded onto your computer, or it may display a page made to look like the login window of your bank or credit card. (The latter is called “phishing scam.”) Another very important reason to learn to recognize html files is so you can easily see when someone is lying to you! Check out this scam. The sender asks the recipient to click the attached pdf file called “Company contracts..pdf.” However, a mouse-over of the link displays that it is a link for an html file! Liar, liar!


Here is another example of an html file used to “phish” the login credentials to someone’s Skype account. The scammers claim that it is an update but it is a web page designed to capture your login credentials and send them to the scammers:
Skype phishing attempt
And one more example. It says “Check the document I sent” but the file sent is not a document but a “.htm” web page!
Check the document I sent

2. exe

A “dot-EXE” file is a Windows computer application. Clicking any file that ends in .exe means that you are installing an application. These types of files are extremely risky to PC computer owners (though not to Apple computer owners). Here is a scam disguised as an attached document to download. However, a mouse-over reveals that the link leads to a .exe file.

Find the attached doc exe

 3. zip

A zip file is a compressed form of a computer file or files. Zip’d file can contain anything, and often many files or folder of files! The critical problem is that it is very difficult to know exactly what is inside a zip’d file until you un-zip and open it. And in the case of malicious content, it is too late. Here are three examples of attached zip files:

a) This first example is supposed to be your Fedex order history. Fedex would NEVER send this as a zip’d file. It would be displayed in your web browser.

Fedex Shipping Confirmation

b) The attached tax report is named Is it a tax report or a credit report? The whole email stinks!
Update your taxes
c) Two attached Verizon receipts are zip files. And they don’t even come from a Verizon address! Delete, delete, delete! The attached files were Windows Trojan malware files.

Verizon Wireless-Receipt Attached
Two final notes about file extensions….
Don’t be fooled by the “double extension name” such as filename.jpg.exe or mydocument.pdf.html.

Whatever is the last extension is the REAL Extension!
Some folks think that if the attached file is a pdf file then it is a safe file to open no matter what.  Unfortunately that is not case.  Hackers have been clever enough to figure out ways to insert malicious triggers into these files.  If you want to learn more about this, check out this link:

 Invasion of Document Malware from