Other than that don’t take presents or candy from strangers like you were taught as a child by your parents. Look before you leap…
But since these are unknown files wouldn’t they get sandboxed in the first place? I never tried.
I sometimes get those type of malware. It is always packed in zip archives and relies on social engineering. It says it’s an invoice, something scanned or so. It takes quite some steps to actually get infected.