One of the other tricks in malicious emails takes advantage of file extensions. We’re all familiar with web sites ending with “.com”. [Yes, I know that English punctuation rules put the sentence’s period inside the quotation marks, but that’s confusing when we talk about computer stuff. Therefore, I ignore that punctuation rule under these circumstances.]
What would you do with an attached file that was labelled www.yahoo.com ? Click on it? It could be www.yahoo.com.exe, so you get suckered again.
If you have turned off the “hide file extensions” setting in Windows, and the file showed www.yahoo.com, do you click on it?
No. They are not common now, but “.com” is the extension for another type of executable file.
In other words, an attachment with .com is just as bad as an attachment with .exe. If you know the person and are expecting the file, you’re probably ok. If not, be suspicious.
Basically, the list of file extensions that can get you in trouble, if you click on their files in an email, is long and varied.
The best rule is:
“if you don’t expect the email with the file, do not open the file.”
If you really want to see a list, go to http://antivirus.about.com/od/securitytips/a/fileextview.htm . It will be far easier to remember the rule.