Detect double extensions with Threat Protection

Avoid fake extensions and protect your PC with NordVPN.

NordVPN Double Extension Detection feature_alt

.jpeg file with attached .exe malicious malware_alt

What are double extensions, and how do they work?

Double extensions are a way to trick internet users into downloading and executing a malicious file. We tend to assume that .doc or .jpeg files are safe because they are not executable, so we don’t hesitate to download and open them. How does it work?

File extensions on Windows are usually hidden but including a secondary (seemingly safe) extension creates the illusion that the file itself is safe and you don’t think twice about clicking on them. This way, “perfectly_safe.docx.exe” is displayed as “perfectly_safe.docx” and you might accidentally open it, thinking it’s a real Word file.

stay safe with Double Extension Detection from cybercriminals from around the world_alt

Dangers of double file extensions

Since using double extensions is a simple, effective, and cheap way to trick distracted users into downloading and opening an executable file, hackers often employ this method. This is how cybercriminals managed to infect thousands of devices with CryptoLocker ransomware and extract 3M dollars from their victims.

How to avoid executing files with double extensions?

Double extensions could pose a real threat to your Windows device. Here’s what you can do to stop them:

man detects double extension on a file_alt

NordVPN automatically detects malicious double extensions on downloaded files_alt

Turn off the option to hide file extensions
Open any folder, select the “View” tab, and check the box next to the “File name extensions.” You will be able to see the full filename, and that might be enough to stop you from accidentally opening a file with a double extension.
Don’t download files from unknown sources
If it’s not there, it can’t hurt you. Never download and open files from unknown senders or suspicious websites, and you’ll be safe. Unfortunately, this isn’t always possible.
Use NordVPN to detect double extensions
All you have to do is turn NordVPN’s Threat Protection feature on. It will automatically notify you if it detects malicious files with fake extensions.

How to enable the double file extension detection

Open

Open the NordVPN app.

Click the shield

Click on the little shield icon on the left side of your screen.

Turn it on

Toggle the Threat Protection switch on.

Frequently asked questions

Can files have two extensions?

Yes, some files can have two extensions that are real, not just text written into the filename.

What OS is double extension detection compatible with?

NordVPN’s Threat Protection will detect double extension files only on Windows devices.

Is double extension detection included in NordVPN subscription?

Yes. Double extension detection is part of NordVPN’s Threat Protection feature, and you don’t have to pay extra for it after you get the subscription.

How do I delete a double extension?

If you notice that you’ve downloaded a file with a double extension, you can delete it like any regular file. However, with NordVPN’s Threat Protection, you won’t even have to think about it — if it detects you’ve downloaded a malicious file with a fake double extension, it will delete it immediately and notify you about it.

Try NordVPN risk free

30-day money-back guarantee — no questions, no hassle. Enjoy peace of mind when surfing online.

Get NordVPN