I have seen some crazy or indeed stupid security advice over the years but this tweet from the Ontario Provincial Police, an organisation that should know better, really takes the biscuit.
— Ontario Prov Police (@OPP_News) November 7, 2016
They posted this screenshot that suggests that some file types that you might receive in email attachments are safe. Unfortunately they are very wrong. The idea of posting a warning about dangerous email attachments is to be congratulated. It is just a pity that they spoiled it by giving bad advice and saying that some file extensions are safe or safer than others.
All email attachments regardless of file extension are potentially dangerous.
This is for several reasons. Let's start with the big one. Windows hides file extensions by default, so when you receive an email with what is allegedly an image file, perhaps with a name like “my dog.jpg”, unless you have “show known file extensions” enabled you do not know that it is a jpg or png file, and it is very possibly a malware file that is actually named my dog.jpg.exe. By default Windows hides only the final extension, so the malware file that is actually named my dog.jpg.exe looks like an innocent file called my dog.jpg.
Take a look at these 2 screenshots of the same .exe file, which has a faked icon that makes it look like a jpg. Many people rely on the icon to tell whether a file is legitimate or safe if the last file extension is hidden. With the .exe hidden, which is the Windows default, the vast majority of people would assume that the second image is a genuine jpg (photo) and double-click it to open it, and consequently get infected.
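The double-extension trick described above can be checked mechanically by a mail filter or a triage script. The following is an added example, not part of the original post: the extension lists, function names and sample attachments are assumptions constructed for illustration, and an empty result does not mean a file is safe.

```python
import os

# Assumed, deliberately short lists for illustration only.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".js", ".vbs"}
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx", ".txt"}
# Leading bytes that genuine files of these types begin with.
MAGIC = {".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
         ".png": b"\x89PNG\r\n\x1a\n"}


def displayed_name(filename):
    """Name as shown when the final extension is hidden (simplified model)."""
    stem, ext = os.path.splitext(filename)
    return stem if ext else filename


def check_attachment(filename, head):
    """Return findings for an attachment name and the first bytes of its content."""
    findings = []
    stem, ext = os.path.splitext(filename.lower())
    inner_ext = os.path.splitext(stem)[1]
    if ext in EXECUTABLE_EXTS:
        findings.append("executable-extension")
        # e.g. "my dog.jpg.exe": the visible part still ends in ".jpg"
        if inner_ext in DECOY_EXTS:
            findings.append("double-extension")
    # A name that claims to be an image but does not start with that format's bytes
    if ext in MAGIC and not head.startswith(MAGIC[ext]):
        findings.append("content-mismatch")
    return findings


# Constructed sample attachments: (filename, first bytes of the file)
SAMPLES = [
    ("my dog.jpg.exe", b"MZ\x90\x00"),
    ("holiday.jpg", b"\xff\xd8\xff\xe0"),
    ("invoice.png", b"MZ\x90\x00"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(f"{name!r} shown as {displayed_name(name)!r}: "
              f"{check_attachment(name, head) or 'no findings (not proof of safety)'}")
```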
NO file extensions are EVER automatically safe when received either by email or when asked to download via a web link. You should always treat everything as suspicious and scan with an antivirus before opening it. Never open an attachment directly from the email or the web link. Save attachments to your download folder and then scan them with your antivirus. If your antivirus doesn’t find any malicious content, then double check by uploading to https://virustotal.com/ where over 50 antivirus / antimalware scanners will check the file. If they all come back clean, then it is more likely that it could be safe to open. But there is still a chance of you being infected.
You might be safe when you receive a picture from your mother / brother / sister or best friend, but always treat every attachment as suspicious and likely to infect you.