Your IP: Unknown · Your Status: ProtectedUnprotectedUnknown

Detect double extensions with Threat Protection

Avoid fake extensions and protect your PC with NordVPN.

NordVPN Double Extension Detection feature_alt
.jpeg file with attached .exe malicious malware_alt

What are double extensions, and how do they work?

Double extensions are a way to trick internet users into downloading and executing a malicious file. We tend to assume that .doc or .jpeg files are safe because they are not executable, so we don’t hesitate to download and open them. How does it work?

File extensions on Windows are usually hidden but including a secondary (seemingly safe) extension creates the illusion that the file itself is safe and you don’t think twice about clicking on them. This way, “perfectly_safe.docx.exe” is displayed as “perfectly_safe.docx” and you might accidentally open it, thinking it’s a real Word file.

stay safe with Double Extension Detection from cybercriminals from around the world_alt

Dangers of double file extensions

Since using double extensions is a simple, effective, and cheap way to trick distracted users into downloading and opening an executable file, hackers often employ this method. This is how cybercriminals managed to infect thousands of devices with CryptoLocker ransomware and extract 3M dollars from their victims.

How to avoid executing files with double extensions?

Double extensions could pose a real threat to your Windows device. Here’s what you can do to stop them:

man detects double extension on a file_alt

Turn off the option to hide file extensions

Open any folder, select the “View” tab, and check the box next to the “File name extensions.” You will be able to see the full filename, and that might be enough to stop you from accidentally opening a file with a double extension.

Woman is reading a phishing email_alt

Don’t download files from unknown sources

If it’s not there, it can’t hurt you. Never download and open files from unknown senders or suspicious websites, and you’ll be safe. Unfortunately, this isn’t always possible.

NordVPN automatically detects malicious double extensions on downloaded files_alt

Use NordVPN to detect double extensions

All you have to do is turn NordVPN’s Threat Protection feature on. It will automatically notify you if it detects malicious files with fake extensions.

How to enable the double file extension detection



Open the NordVPN app.


Click the shield

Click on the little shield icon on the left side of your screen.


Turn it on

Toggle the Threat Protection switch on.

Frequently asked questions

Try NordVPN risk free

30-day money-back guarantee — no questions, no hassle. Enjoy peace of mind when surfing online.

NordVPN 30 days 100% money back guarantee