The fraudsters often use long attachment filenames so that you can’t see the letters at the end, known as file extensions. However, it’s not the three letters at the start of a filename that you should be concerned with - it’s the three or four letters at the end, after the dot.