EXECUTIVE SUMMARY:

Unless you change your default settings for file viewing, your Windows 10 computers are potential attack vectors. Specifically, hidden file extensions put you at risk.

When file extensions are hidden in file folders, two files can both look like PDFs even though one is actually an executable that merely uses a PDF icon.

Presumably, programmers created this set-up to make things more user-friendly, but it’s a design that’s often exploited.

In a malicious email, bad actors can use the PDF icon to trick users into clicking files that are actually executables.

“This is not to say strange PDFs you receive via email cannot be a risk, but receiving executables disguised as PDFs should definitely raise…alarms,” writes BleepingComputer.

The following email, for example, includes a normal-looking ZIP file, called Scan_002_01.zip.

Image courtesy of BleepingComputer

In opening the email, we see a PDF file.


However, upon additional scrutiny, this file is clearly an executable, not a PDF.


Ensuring that Windows shows you file extensions may save you from ransomware attacks and other types of network-related chaos.
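One way to check and change this setting for the current user, and to see which files in a folder are executables regardless of their icon. This is an added example, not code from the original article or from BleepingComputer. The function names, the extension list and the choice of the Downloads folder are assumptions made for illustration.

```powershell
# Added example: audit the Explorer "hide extensions" setting for the current
# user, turn extension display on, and list executable-type files in a folder.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

function Get-ExtensionHidingState {
    # HideFileExt = 0 means Explorer shows extensions. Any other value, or a
    # missing value, is treated here as "hidden" (assumption: Windows default).
    $value = (Get-ItemProperty -Path $key -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
    [pscustomobject]@{
        HideFileExt      = $value
        ExtensionsHidden = ($null -eq $value) -or ($value -ne 0)
    }
}

function Enable-ExtensionDisplay {
    # Per-user setting; Explorer windows that are already open may need a refresh.
    Set-ItemProperty -Path $key -Name HideFileExt -Value 0 -Type DWord
}

function Find-ExecutableFiles {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Assumed list of extensions that run code when opened; adjust to your policy.
        [string[]] $RiskyExtensions = @('.exe', '.scr', '.com', '.pif', '.bat', '.cmd', '.js', '.vbs')
    )
    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $RiskyExtensions -contains $_.Extension.ToLowerInvariant() } |
        Select-Object @{ Name = 'ShownWhenHidden'; Expression = { $_.BaseName } },  # what the user sees with extensions hidden
                      @{ Name = 'RealExtension';   Expression = { $_.Extension } }, # what the file actually is
                      FullName
}

# Report the current state, fix it if needed, then confirm.
$before = Get-ExtensionHidingState
if ($before.ExtensionsHidden) { Enable-ExtensionDisplay }
Get-ExtensionHidingState

# Review executables in the folder where mail attachments are usually extracted
# (assumed here to be the user's Downloads folder).
Find-ExecutableFiles -Path (Join-Path $env:USERPROFILE 'Downloads')
```

The `ShownWhenHidden` column is the name a user would see next to the icon while extensions are hidden, which is why an executable with a PDF icon passes for a document.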

For more on this story, visit BleepingComputer.