Attachment analysis
The first step in this phase is to analyse the file format or its extension. Some malicious files may have additional extensions, such as .pdf.zip, or may have no extension at all. Certain extensions are often used for malicious files. However, the presence of such an extension means only that the file might be dangerous, not that it definitely is. Here are some examples:
- .zip: Commonly used for compressing and archiving files, functionality that can be exploited to mask malicious software within the file.
- .exe: Indicates an executable program and may be used to install malware.
- .bat: Used for batch scripts and can contain commands that execute malware.
- .vbs: Used for Visual Basic scripts, which can be malicious.
- .js: Known extension for JavaScript files, which may contain malicious code.
- .msi: Extension for Microsoft Installer files, which can be used to install malware.
- .scr: Used for screensaver files, which can be disguised as something else but actually contain malicious code.
- .dll: Extension for dynamic-link libraries, often used in attacks on software vulnerabilities.
When analysing links and attachments, take care to avoid accidental clicks, and use antivirus software that detects and blocks malicious files.
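The extension check described above can be scripted so that attachment names are read from the raw message without opening the files. The following is an added example, not part of the original page: the function names, the decoy-extension list and the sample message are assumptions constructed for illustration, and each flag is a triage lead rather than a verdict.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions listed in the section above as commonly abused.
RISKY = {".zip", ".exe", ".bat", ".vbs", ".js", ".msi", ".scr", ".dll"}
# Assumption (not from the page): document-style extensions often used as a decoy.
DECOY = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}

def triage_name(filename):
    """Return triage flags for one attachment name; a flag is a lead, not a verdict."""
    # Windows ignores trailing dots and spaces, so "a.exe." still opens as "a.exe".
    name = filename.strip().lower().rstrip(". ")
    base, ext = os.path.splitext(name)
    if not ext:
        return ["no-extension"]
    flags = []
    if ext in RISKY:
        flags.append("risky-extension:" + ext)
    inner = os.path.splitext(base)[1]
    if inner in DECOY or inner in RISKY:
        flags.append("double-extension:" + inner + ext)
    return flags

def triage_message(raw_bytes):
    """Map each attachment filename in a raw e-mail to its triage flags."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    results = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        results[name or "(unnamed)"] = triage_name(name)
    return results

def build_sample():
    """Constructed message with harmless placeholder attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "analyst@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    for name in ("invoice.pdf.zip", "report.pdf", "README", "update.scr"):
        msg.add_attachment(b"constructed", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, flags in triage_message(build_sample()).items():
        print(f"{name:18} {flags or ['no flags']}")
```

A flagged name only prioritises the file for further analysis; an unflagged name such as report.pdf still needs its actual format checked, since the extension is chosen by the sender.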