The double extension trick is a deceptive technique used by cybercriminals to disguise malicious files as harmless documents. Attackers name a file with two extensions, such as 'invoice.pdf.exe', so that the true executable extension is hidden or overlooked. Many operating systems, by default, hide known file extensions, making the file appear as a legitimate document (e.g., a PDF) rather than an executable program. Unsuspecting users may open the file, believing it to be safe, which then allows malware to be installed on their system. This trick is commonly used in phishing emails and malicious downloads to bypass user suspicion and security filters.