That means that GMail users can’t send or receive emails with .js file attachments. Anyone sending a .js file to a GMail user will find their email bouncing back to them with an explanation of why it wasn’t delivered.
Regardless of the operating system you run, we strongly recommend enabling the view of file extensions (so often hidden by default!) so you can see exactly what kind of file type you’re dealing with, mitigating the risk of running a malicious file by accident.
If you try to send an email with a .js attachment, Gmail will give you an error message letting you know that your file type isn’t allowed and was “blocked for security reasons”. As an alternative, Google will suggest using outside storage, like Google Drive or Dropbox, and linking to the file from within the email. (There’s no getting around this by zipping up your file either, as Google will take a look inside the compressed file to check.)
Don’t fall for malicious email tricks
With GMail users unable to receive malicious .js files attackers may switch tactics again so it’s important to stay wary of both emails with attachments and those without.
Remember that attackers cam control or fake almost every detail of an email so you can’t rely on any of the information you’ve been sent, whether it’s a link, a phone number or who the email’s from.
Some attackers will help you out by raising red flags with poor spelling, a sense of urgency (your account has been locked, your bill is overdue!), dodgy domains or suspiciously shortened links but some won’t. The crooks know that keeping it simple works and they how to copy and paste from legitimate emails.
If an email purports to come from an organization or person you know verify the email’s legitimacy by contacting the (apparent) sender directly.
If they want to talk to you find a number in your address book or on their website that you can call. If the email contains links that appear to go to their website, especially if it’s asking you to log in, don’t click on them. Ignore the links in the email and go directly to their website by typing their address in your browser or searching for them.