Is a .PDF file always safe to open?

No. While safer than .exe files, PDFs can contain malicious links or scripts that exploit vulnerabilities in your PDF reader (like Adobe or Foxit).

What should I do if I opened a suspicious file?

Disconnect your device from the internet immediately. Run a full system scan with a reputable antivirus like Malwarebytes or Windows Defender. Change your sensitive passwords from a DIFFERENT device.

How can I check a file without opening it?

You can use services like VirusTotal to upload the file or its hash. Our checker above also analyzes the context and sender of the email to provide a risk score.

File Safety

Verify suspicious attachments before you download.

Email attachments are the primary delivery method for ransomware, spyware, and credential stealers. Scammers use deceptive file names and extensions to trick you into running malicious code on your computer or smartphone.

Security Insight

Roughly 1 in every 100 emails contains a malicious attachment. While .exe files are widely blocked, scammers now use 'Double Extensions' (like document.pdf.exe) or Archive files (.zip, .7z) to hide their payloads.

Identifies dangerous file extensions

Spots 'Double Extension' tricks

Protects against Ransomware

Analyze an Attachment Malware Prevention Guide

How to spot a Dangerous Attachment

A file's icon can be faked to look like a document when it is actually a program. Watch out for these high-risk signals before interacting with any unsolicited file.

The 'Double Extension' trick

A file named 'invoice.pdf.exe'. Your computer might hide the '.exe' part, making it look like a harmless PDF when it is actually an executable program.

Unexpected Archive files (.zip, .rar)

Scammers use compressed files to hide malicious code from simple email scanners. Never open a zip file from an unknown sender.

The 'ISO' or 'IMG' Disk Image

Files ending in .iso or .img are disk images. Opening these can automatically 'mount' a new drive on your computer and run malware scripts.

Macros in Office Documents

Files like .docm or .xlsm contain 'Macros'—small programs that can run inside Word or Excel to download and install viruses.

What IsThisSpam checks before you trust a sender

Quick verdicts are useful, but the real value is understanding why something looks safe, uncertain, or risky.

Urgency and Financial Lures

The email claims the attachment is a 'Court Summons,' 'Unpaid Invoice,' or 'Payroll Update' to force you to open it without thinking.

Generic File Names

Using names like 'Document_99283.pdf' or 'Scan_New_1.zip'. Real businesses usually use specific naming conventions related to your account.

Mismatched Sender Context

Receiving a 'Shipping Label' when you haven't ordered anything, or a 'Remittance Advice' from a company you don't do business with.

Hidden Script Extensions (.js, .vbs)

Files ending in .js (JavaScript) or .vbs (Visual Basic Script) are not documents; they are code files that run directly on your operating system.

Related guides

Use the checker for the fast answer, then read the deeper guidance for recurring scam patterns.

PDF Scam Checker

Specific guide for identifying malicious PDF documents.

Read the guide

Email Header Analyzer

Learn how to verify the true identity of an email sender.

Read the guide

FAQ

These are the questions people usually ask right before they click, reply, or pay.

Got a screenshot or attachment? Our AI can analyse it.

Free scan first, deeper analysis when you need it

Check the sender before you trust the message.

Start with a fast scan, then move to SuperScan when the message involves money, account access, or sensitive documents.

Analyze an Attachment Malware Prevention Guide