Downloaded file extension names to check before opening compressed attachments
Checking the File Extension Before Opening Any Compressed Attachment
Before you click a compressed attachment, look at the file extension. .zip, .rar, or .7z are standard, but attackers hide dangerous files behind double extensions or names that look ordinary. A file might appear as document.doc.zip, where everything after the second dot is the real type.
Right-click the file and select Properties on Windows or Get Info on macOS to see the full extension string. An extension ending in .exe, .vbs, .js, or .scr means the file is unsafe regardless of how trustworthy the archive looks.
Identifying Suspicious Extension Names That Mimic Safe Files
Uncommon archive extensions like .zipx, .gzip, .bzip2, or .tar.gz are valid formats but used less often. They draw questions: why did a sender use .gzip when everyone nearby sticks to .zip? Coming from an unexpected side does not automatically make it fake, but it means you were not waiting for that material packed that way.
Pair the extension with the name. receipts.zip usually passes as possible, but receipts.rar looks like a mismatch from someone who never sends archives at all. A separately-paired call to confirm points exactly where attention should go.

Checking for Hidden or Disguised Extensions Inside the Archive
The archive name means less once content lives extracted. Common folder names hide bait nested at easy glancing distances. Names like “photos” but holding .exe or .scr lines a repeating scam: people check the top, and remaining names cue curiosity there.
Enable the option to show file extensions in your operating system before extracting. On Windows, open File Explorer, click View, and check “File name extensions.” On macOS, open Finder, go to Preferences, and uncheck “Hide extension.” Visible extensions let you spot a disguised .exe or .vbs before it runs.
Comparing the Extension to the Sender’s Normal File Habits
A colleague who always shares .pdf or .docx files but suddenly sends a .zip or .7z file deserves suspicion. Email accounts can be compromised, so a familiar name does not guarantee a safe file.
Contact the sender through a phone call or a separate messaging app to confirm the file. Do not reply to the same email thread, because the sender’s account may be under control. A sender who confirms they did not send the compressed file means you should delete the attachment and report the email as phishing.

FAQ
Question: What should I do if the compressed file has no visible extension?
Answer: Enable file extension visibility in your operating system settings. On Windows, check “File name extensions” in File Explorer View. On macOS, uncheck “Hide extension” in Finder Preferences. An extension that still does not appear means do not open the file until you confirm the real type.
Question: Can a .zip file be dangerous even if it looks normal?
Answer: Yes. A .zip file can contain malicious scripts or executables inside. Always extract to a folder and inspect the contents before opening any file. An archive containing .exe, .vbs, .js, or .scr files means delete the whole archive without extracting further.
Question: Is it safe to open a compressed attachment from a sender I trust?
Answer: Not automatically. Email accounts can be hacked, so a trusted sender may unknowingly send malware. Confirm the file with the sender through a separate phone call or messaging app. A sender who did not send the file means delete it immediately.