Scam Message Checker

What to do if you downloaded a suspicious attachment

An attachment can carry malware. If you opened it, secure your device and accounts.

Quick answer

An attachment can carry malware. If you opened it, secure your device and accounts.

  • Do not open it further; disconnect from the internet
  • Delete the file
  • Run a security scan
  • Change key passwords from a trusted device
Most urgent

Do this now

Contact your bank or IT support if sensitive systems were exposed.

Understanding what happened

Downloading an attachment - a fake invoice, receipt, or 'document to sign' - isn't always harmful by itself, but opening it, or enabling 'content' or 'macros', can install malware or send you to a credential-stealing page. The risk depends on what you did after the download.

Malicious attachments aim to steal passwords, log what you type, or give an attacker a foothold on your device. Work email is a common target, because one compromised mailbox can be used for invoice fraud and to reach colleagues and suppliers.

If you downloaded but never opened the file, deleting it is usually enough. If you opened it or enabled content, the steps below help you scan the device, change exposed passwords from a clean device, and watch the accounts that matter most.

First 5 minutes

  1. Do not open it further; disconnect from the internet
  2. Delete the file
  3. Run a security scan
  4. Change key passwords from a trusted device

First 24 hours

  1. Update your operating system and security tools
  2. Watch for unusual account activity
  3. Back up important data safely
  4. Report if work or financial systems were involved

What not to do

  • Do not pay anyone who promises to recover your money for an upfront fee
  • Do not act on follow-up messages claiming to be the fraud team
  • Do not delete evidence before saving it

Evidence to save

  • Screenshots of the message and sender details
  • Phone numbers, usernames, links, and account or wallet addresses
  • Transaction references, receipts, and amounts

How to save scam evidence →

How to report

Report through official channels for your area.

Find official reporting links for your country in the reporting directory.

  • Do not use phone numbers or links from the suspicious message - look up the official ones yourself.
  • Report quickly if money was sent or ID documents were shared; speed improves your options.
  • Keep your evidence - see how to save scam evidence.

Beware of recovery scams: no legitimate service guarantees getting your money back for an upfront fee.

This is general safety information, not legal, financial, or cybersecurity incident-response advice.

Still have the message?

Check it to understand the red flags and how to report it.

Check a message

Frequently asked questions

How quickly should I act?

As soon as possible. Fast action - especially contacting your bank - gives the best chance of limiting harm or stopping a payment.

Will I get my money back?

Sometimes, if you act quickly, but there is no guarantee. Be very cautious of anyone who promises guaranteed recovery for an upfront fee - that is a recovery scam.

Get scam safety updates

Practical scam alerts, new examples, and simple safety tips. No spam. No sensitive message data.

We only collect your email address, optional name, consent status, signup page, and signup time. See our privacy policy.