How can I tell if an email attachment is safe and virus free?

Email attachments are one of the most common ways that malware gets onto your mobile or computer. But there are steps you can take to ensure that you’re as safe as can be.

When you receive an email with an attachment, before you even think about opening it, you should run through this checklist in your head:

Is the email definitely from someone I know and trust?

Check if the email is definitely from a person or company you know. Attackers can subtly change, add or remove a letter or two from an email address to make it appear genuine.

Using Sarah@googIemail.com as an example, we changed the “L” in Google to a capital “i”. “I” looks very similar to “l” and you probably didn’t notice. Next to each other you can see a difference “Il”, and “googlemail” (correct) vs “googIemail” (false). It can be hard to spot, so you should always be aware.

Does the attachment look like something someone I trust would send me?

Ask yourself if you are expecting a file, a video, a photo from the sender.

What type of file is it?

You should check the file type of any attachment before opening it. Malware and viruses can be hidden in files of the following file extensions; .ade,

.adp, .asf, .bas, .bat, .chm, .cmd, .com, .cpl, .crt, .exe, .hlp, .hta, inf, .ins, .isp, .js, .jse, .lnk, .mdb, .mde, .mov, .msc, .msi, .msp, .mst, .pcd, .pif, .reg, .scr, .sct, .shs, .swf, .url, .vb, .vbe, .vbs, .wsc, .wsf, .wsh,

Even Microsoft Office documents (.docx, .xlsx, and .pptx) and PDFs can contain malicious links and macros that can download malware onto your mobile or computer.

The following image, sound and video formats should be safe though: .gif, .jpg, .tif, .tiff, .mpg, .mpeg, .mp3, and .wav

Interestingly any text file ending “.txt” can definitely be considered 100% safe.

As a rule, you should:

  • Only open email attachments that are expected and that come from a trusted source
  • Use Internet security software that will automatically scan email attachments for malware and viruses
  • Delete any messages and attachments you aren’t sure about without opening them

If you follow this guide, you should be able to judge if that email attachment is safe. And if you’re unsure, it’s good practice to email the sender to confirm they meant to send the attachment, and ask them if it’s safe, and even if they have been hacked. If you have any other tips, or questions, please don’t be afraid to Just Ask Gemalto!