Be wary if extracting the zip reveals a file like document.pdf.exe .

Right-click the file and run a scan using Windows Defender , Malwarebytes , or Bitdefender .

Legitimate software updates are usually several megabytes; small "invoice" zips (under 500KB) are often malicious.