It’s easy to detect malicious emails: They often contain attachments that include the standard Windows executables (.exe) and JavaScript files (.js), executable programs that cyber crooks use to lure unsuspecting recipients into their trap. Beginning February 13, Google will no longer let Gmail users attach JavaScript files in email to address security concerns.

Google announced in a blog post:

Gmail currently restricts certain file attachments (e.g. .exe, .msc, and .bat) for security reasons, and starting on February 13, 2017, we will not allow .js file attachments as well. Similar to other restricted file attachments, you will not be able to attach a .js file and an in-product warning will appear, explaining the reason why.

More specifically, you will no longer be able to directly send .js attachments to others or even include these files in archives such as .zip or .tgz. However, you can still send JavaScript files using cloud-based methods such as the Dropbox or Google Drive service. Google Drive specifically allows you to send the link to the content you want to share with a friend or colleague.

The move also expands the current list of banned file attachments in Gmail, which includes .ade, .cmd, and .lib, among others. Cyber criminals have been using these file types to distribute malware via email over the last couple of years.

Over the past two years, JavaScript files have been a subject of abuse as cyber crooks can directly execute this file type on Windows, thanks to the Windows Script Host component. The JavaScript files often serve as a vehicle for downloading other malware. As a rule of thumb, you must never open a file that looks suspicious.

RELATED STORIES YOU NEED TO CHECK OUT: