Check File Extensions To Help Prevent Malware Infections

BleepingComputer recently reported that every computer running Windows 10 is vulnerable to having its system hacked unless the user changes the default setting for viewing files.

Every file has an extension, which are the letters shown after the name. Common file extensions include .doc, .pdf, and .mp3.

By default, Microsoft hides a file's extension. However, this is a security risk that cybercriminals often take advantage of to trick users into opening malicious files sent through phishing emails and malware distributors.

Because Windows hides the file extension, users are more likely to think that malware that has an innocent file name is safe. If the user could see that the file extension is .exe instead of .pdf, he or she might be more wary. Gordon Kelly "Warning Issued For Millions Of Microsoft Windows 10 Users" forbes.com (Mar. 03, 2020).

 

Commentary

Being unable to see a file’s extension creates a dangerous environment in which you are less likely to avoid opening a malicious attachment.

With Windows 10 on over 900 million devices worldwide, odds are that millions of users are vulnerable because they are not checking file extensions before clicking on an email attachment. Cybercriminals know this and are taking advantage through phishing email campaigns.

Fortunately, there is an easy fix that will greatly improve your cybersecurity: Changing your Windows 10 default file extension setting.

To change your setting, go to the Windows 10 Start Menu and type “Folder Options.” Then open “File Explorer Options” and click “View tab” and “Advanced settings.” Uncheck “Hide extensions for known file types” then click “Apply” and “Ok.”

Think twice before downloading a file that has a common malware-related extension, such as .exe; .com; .pif; .bat; .scr; .pdf; .vbs; .rft; .doc; or .xls.

Finally, your opinion is important to us. Please complete the opinion survey:

What's New

Strengthening The Weakest Link To Prevent Social Engineering Attacks

Twitter experiences a social engineering attack. We explain why training and strong policies can help strengthen your weakest security link.

Are Your Employees Ransomware Ignorant?

A new survey suggests that many employees don't know what ransomware is or how to avoid it. Read tips for protecting your organization and its data.

New Vulnerabilities Are Emerging: Addressing Multi-Vector Attacks Now Is Important

Cybercriminals are using more sophisticated techniques, including attacking Macs and multi-vector attacks. Learn what steps can prevent such attacks.