
Can file extensions hide malware?
A file extension is the suffix at the end of a filename (like .docx or .exe) that indicates the file type to both users and the operating system. Attackers exploit this by using misleading double extensions or hiding the true extension. For example, a file might appear as "Report.pdf" to a user while its actual name is "Report.pdf.exe": the OS might hide the ".exe" part by default, tricking the user into thinking it's a safe PDF document when it's really a malicious program. The visible extension doesn't always represent the file's true format or behavior.

A common attack vector is email attachments. Scammers might name a malware file "Invoice.doc.scr" or "Receipt.xls.js". The victim sees ".doc" or ".xls" and assumes it's a harmless document, but clicking runs the hidden executable or script (.scr, a screensaver format often used maliciously, or .js, JavaScript). Similarly, files downloaded from untrusted websites might use names like "game-installer.mp4.exe", relying on the OS hiding the dangerous ".exe" part. Ransomware and banking trojans frequently employ these tactics.

The core danger is that the trick bypasses user vigilance: people are trained to recognize known dangerous extensions like .exe, and a hidden extension gives that training nothing to act on. This makes it important to display full file extensions in Windows (via Folder Options settings) so that the complete filename and any suspicious double endings are visible. While the technique is effective for initial infection, robust antivirus software and user skepticism about unsolicited attachments remain key defenses against such deception-based attacks.
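
As an added example (not part of the original article), here is a check that a mail gateway or download scanner could run on attachment names to flag the double-extension pattern described above. The two extension lists and the function names are assumptions for illustration and should be tuned to the environment.

```python
import ntpath

# Assumed lists for illustration (not from the article); tune per environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".js", ".com", ".bat", ".cmd", ".vbs", ".hta"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png", ".mp4"}


def classify(filename):
    """Return (verdict, shown_name).

    verdict is 'ok', 'executable' or 'double-extension'. For the last two,
    shown_name is what a file manager displays when it hides the final
    extension.
    """
    # Windows drops trailing spaces and dots, so normalise before parsing.
    name = ntpath.basename(filename).rstrip(" .")
    stem, ext = ntpath.splitext(name)
    if ext.lower() not in EXECUTABLE_EXTS:
        return "ok", name
    # Look at the extension the user would see once the real one is hidden;
    # tolerate whitespace padding placed in front of the real extension.
    shown = stem.rstrip()
    inner = ntpath.splitext(shown)[1].lower()
    if inner in DECOY_EXTS:
        return "double-extension", shown
    return "executable", shown


def scan(filenames):
    """Return (real_name, shown_name) for names that disguise an executable."""
    results = ((f, classify(f)) for f in filenames)
    return [(f, shown) for f, (verdict, shown) in results
            if verdict == "double-extension"]


# Constructed sample attachment names (the first four appear in the article).
SAMPLES = [
    "Report.pdf.exe", "Invoice.doc.scr", "Receipt.xls.js",
    "game-installer.mp4.exe", "Report.pdf", "setup.exe",
    "archive.tar.gz", "notes.v2.docx", "INVOICE.DOC.SCR ",
]

if __name__ == "__main__":
    for real, shown in scan(SAMPLES):
        print(f"BLOCK {real!r}: displayed as {shown!r}")
```

Names such as "setup.exe" come back as 'executable' rather than 'double-extension', so a stricter policy can still act on them separately from the disguised ones.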