A few readers asked why .RTF email attachments are considered a security risk and should not be opened. The common view is that RTF documents are safer than Word documents but it’s not as simple as that.
The confusion is understandable. After all .RTF (Rich Text Format) files aren’t designed to carry any computer code / macros that can be run to start a virus infection. So they would seem to be ‘safe’ from virus infection.
Sadly, not having macros doesn’t stop hackers using RTF’s maliciously.
RTF documents can still be used to compromise a computer. Over the years there’s been various instances where hacked RTF files have been used to run malicious code when the RTF file has been opened with Word. Microsoft has released many security bug fixes related to risks with RTF files.
In other words, hackers take advantage of security lapses in Word that are available when RTF files are opened.
In 2014 Microsoft took the step of recommending RTF’s be blocked as email attachments and provided a tool to do that.
DOCX or PDF are safer choices
.DOCX files that are both more secure and smaller (they are compressed by default) so .rtf files are less commonly used. .DOCX cannot run macros.
.PDF are also a good choice.
Be wary of incoming documents in either .DOC or .RTF format as well as .ZIP attachments. Why Old Office documents should be banned
When sending out documents, the polite and security aware option is the Office 2007 and later document formats – .docx .xlsx or .pptx