Ask Leo!

Technology With Confidence

  • About
    • About Ask Leo!
    • Ask Leo! Patreon FAQ
    • Ask Leo! Membership FAQ
    • Free Newsletter
    • Support Ask Leo!
  • Best Articles
    • Most Important
    • Most Popular
    • Most Recent
    • All Entries (by date)
  • Ask Leo!
    • Ask
    • Best Of
    • Glossary
    • Facebook
    • Podcast
    • Contact
  • Store
    • Become a Patron!
    • Books & More
    • Shopping Cart
  • My Account
    • Login to askleo.com

Technology With Confidence

Can I Really Get Malware by Just Looking at Email?

It used to be that simply viewing a malformed email could allow a virus to spread. Thankfully, that's no longer the case with modern mail programs.

New malware appears every day, and it seems like hackers constantly get smarter and craftier.

In the past, asking if your machine could become infected with malware by just reading your email would get laughs from the geeks in the crowd. “Of course not!” they would giggle.

Then came Outlook. Not only could opening an email infect your machine, but for a while, you didn’t even have to be around to have it happen.

And the geeks stopped giggling.

For a while.

Fortunately, today things are different.

Become a Patron of Ask Leo! and go ad-free!

Of HTML, DHTML, and JavaScript

HTML is the “language” of the web. It’s the way web pages are encoded and described to your browser so it can display the web pages as the designer intended.

DHTML, for Dynamic HTML, and JavaScript, a programming language, added something HTML didn’t have by itself: the ability to do things. By “things,” I mean actions as simple as turning this portion of this sentence red when you move your mouse over it to interactive games you can play in your browser.

Your browser, and the HTML that was displayed in it, became a platform for computer programs.

Then along came email.

HTML email

Email used to be plain-text only, and much of it still is.

But someone had a bright idea: what if we made email more flexible and gave it all of the richness of HTML formatting? In HTML-formatted email, words can be bold or underlined, we can insert images, and much much more.

Email could be as “pretty” and complex as a magazine page.

Since many email programs simply used the same code as the web browser, email messages could also now do things.

Then along came malware.

VirusMalware in email

If email could “do things,” like run small programs within the window in which they were being viewed, it didn’t take long for hackers to start writing malware that not only took advantage of that, but also exploited other vulnerabilities those programs could access.

Vulnerabilities that allowed them to infect your machine with more malware…

…simply because you opened your email and looked at it.

Before it got better, it got worse.

Then, along came Outlook.

The Preview Pane’s Role

I say “Outlook,” but in reality, any email program that offered what we now call a “preview pane” was vulnerable. Outlook was simply one of the earliest and most popular.

The scary scenario worked like this:

  • You left your email program open on a view of your inbox with the preview pane showing.
  • You had the “most recent” email selected; its contents were in the preview pane.
  • You left.
  • You got new email. Outlook dutifully kept the selection at the most recent, and updated to select the newly arrived message.1 As a result, it also updated the contents of the preview pane with the contents of the new message.
  • If the new message contained malware that infiltrated by trying to execute JavaScript, that malware would run and infect your machine.

Your email program “looked” at a message and your machine was infected. You weren’t even there.

Fortunately, that didn’t last long.

Modern email programs and sites don’t do that

Needless to say, that possibility was fixed quickly.

The most dramatic fix is that JavaScript, and almost all other scripting used to allow an email message to “do something”, no longer works. Period. For good or for evil, you can’t put scripting into an email message and expect it to work.

Along the way, the vulnerabilities related to email-based exploits2 have also been getting fixed, regularly and quickly.

Additionally, images aren’t even displayed by default by most email programs anymore (for reasons related to spam, but it also increases your security with respect to malware). Today’s situation is very, very different.

Today, you cannot get infected by just looking

Opening an email is a safe thing to do.

Having your preview pane open is a safe thing to do, even if you’re not around.

Email programs and email services now no longer allow the things that once upon a time made looking at an email risky.

However…

You CAN get infected if…

The one thing missing from the discussion above is: attachments.

The ability to attach an arbitrary file to an email message actually predates HTML-formatted email. It remains a convenient way to transfer a file from one place to another.

Unfortunately, the word “arbitrary” is appropriate. Any file can be attached to an email, including programs that infect your machine with malware.

That’s why one of the admonitions relating to internet safety is to never open an attachment you’re not expecting and that you don’t know for certain is safe.

You can get infected by just looking at the contents of an attachment.

Email safety rules

So, let’s review the rules for safe email:

  • Keep your versions of Windows, your browser, and your email program up to date with the latest patches. If a vulnerability is discovered, you want it to be fixed as soon as possible so as to keep things as safe as possible.
  • Run appropriate anti-malware software to help keep your system clean.
  • Keep your anti-malware software up to date, and most importantly, allow it to keep its databases of malware information as up to date as possible as well.
  • Never open an attachment unless you expect it, you’re positive you know what it is, and you trust the sender.
  • Never click on a link in an email message unless you’re positive you know where it’s going, and you trust the sender.
Play

Download (right-click, Save-As) (Duration: 7:18 — 3.4MB)

Subscribe: Apple Podcasts | Android | RSS

This is an update to an article originally posted April 28, 2004

Related Posts

  • How do I check a website for malware without infecting my own machine? - This is a difficult problem to solve. Steps to protect yourself from a malicious website could mask the problem so you never see it. I can give you a few suggestions.
  • Can malware authors hijack my anti-malware software? - Once a hacker has control of your machine they can do anything they want. So yes, they will try to disable your anti-malware... and more!
  • Why doesn’t malware appear in the Add/Remove Programs list? - Malware not showing up in the Add/Remove Programs list doesn't surprise me at all. After all, malware's success is based on its ability to hide from you!
  • Will malware infect the backups on my connected backup drives as well? - In truth, malware can infect anything that it wants to, but there are a lot of reasons why your backup files aren't targeted.

Footnotes & references

1: This behavior has also changed over the years. I believe Outlook now no longer changes which message is selected.

2: One example: there were at one point exploits in the software used to display images such that malware could attach itself to maliciously-crafted image files. Not only have those exploits been resolved, but most email programs no longer display images from untrusted senders by default.

Posted: June 2, 2017 in: Email Security
Shortlink: https://askleo.com/1931
TAGS: bestof, infection, malware, Outlook, preview pain, virus
« Previous post: What’s This Confirmation Request I Got When I Emailed Someone?
Next post: Tip of the Day: Mouse Selection Techniques »

About Leo

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Comments

  1. grimm

    October 30, 2004 at 1:32 pm

    Dear Leo,
    I have today received two virus-bearing e-mails, whose address is nearly the same as a newsgroup I subscribe to. I have blocked it and found the router information. I seem to have the e-mail address here of the person who started the chain of events. What do I do now?

    Reply
  2. Leo

    October 30, 2004 at 11:02 pm

    In general in these situations I do nothing. Depending on how certain you are about knowing where the virus started, you might contact them and let them know they’re infected, but viruses are so good at mucking up email headers that I no longer trust that information. Best advice: make sure you’re protected, delete the viruses and go on.

    Reply
  3. Hayder

    March 28, 2005 at 6:25 pm

    okay, 1) so how’s clicking on an url inside an email potentially destructive? Could that single “click” have been disguised as a “run” click which ensuingly activates a script or a virus of some sorts?

    2) Can WORD/EXCEL/PPT files be infected with viruses?

    Reply
  4. Leo

    March 28, 2005 at 6:31 pm

    1) It’s very easy to make a URL *look* like it’s going to one place, when in fact it’s going somewhere else. Case in point: all the eBay, Paypal and bank “account verification” phishing scams.

    2) Absolutely. They all support a very powerful macro/scripting language that can be used. It’s one of the reasons that current version of Office applications include various security measure that typically will disable, or at least ask, before opening a document that contains macros.

    Reply
  5. Aneta

    July 22, 2006 at 11:29 am

    Leo,
    I have a question related to contracting something just by opening an email. Is it true that you should not use the preview functionality because it opens an email and tells spammers you are a valid recipient?
    Thanks

    Reply
  6. Ian

    November 16, 2012 at 3:03 am

    Thought you might find the following a bit amusing even though it is based on fact from my own experience of 25 years in the computer industry.

    Regarding Viruses, when you receive a dire warning of a new Virus on the Internet never send it on to friends in your address book, or click anywhere on it. Write down the name of the so called Virus, then go on the Internet and type in the name of the virus and the word scam. This will tell you if it is just a hoax. If so simply delete the offending email. But on the other hand your Internet search reveals that it is a real threat then you can warn your friends, NOT by forwarding the Email but creating your own warning Email to send to them.

    Most of the viruses on the Internet are put there by the very people who sell virus programs and Internet security. It is a multi Billion dollar industry and so Virus program companies never want to see it end, only grow larger. Of course there are other idiots who have nothing to do with these companies who put viruses on the Internet just to hurt or be smart.

    Also China currently is training thousands of computer hackers to become adapt in corrupting military, government, banks and civilian computers in the West, that is one of the real dangers that might be facing us as we move towards skype or computer communications. Imagine if just in Sydney alone if they shut down the computers that control traffic, airport and banks computers including shopping centres and ATM’s the chaos it would cause.

    Another dangerous place to go with your computer is on the Internet to so called “Crack Sites” these are Websites where at no cost you can download a serial or key number to activate Free a program or game for nothing this is a way many people in the past have freeloaded games and programs.

    Years ago this was relatively safe however over recent years the people and companies who spend money and time developing programs worth Dollars are finding their profits and ideas stolen.

    So to combat this they are submitting serial numbers and small programs called keygens that generate a number or key for their programs that people have downloaded free. However when you open these Number or Keygens it instantly corrupts your computer. So my advice is stay well away from Crack sites.

    Another ploy by some overseas companies is they offer you free “Speed Up” or scanning programs for your computer. Several simply run the so called free scan on your computer, As an experiment a group of computer Techs I know ran a couple of these programs on several computers. At the end of the test strangely they all showed exactly the same faults.

    At the end of the test came the same message. Free scan complete, Our program can fix the faults found and speed up your computer just send us X amount of dollars.

    So after you send them the money and the program is activated (if you are lucky) your computer seems to run a bit faster. What has really happened is the program has placed a slow down robot on your computer. This is stopped for the 12 months of your paid time. Occasionally just to remind you the program will either speak to you or place fancy messages on your screen just to remind you it’s there.

    Towards the end of 12 months the slow down robot cuts in and as you get annoyed with your computers slowness you once again pay your subscription to the speed up con-men. Just the same as renewing your subscription to a Virus program company.

    A thing that you have to realise Alan the normal Virus scanning program on your computer can scan each file or folder for over 200,000 yes that’s two hundred thousand virus signatures in less than one second (No wonder your computer needs a cooling fan on it’s Brain ‘CPU’).

    However to use a computer without a virus program you can do several things, Install ‘LINUX’ system on your computer, no problems with viruses. It runs fine along with your Windows XP program. So LINUX for Internetting and Windows XP for everything else but never connecting to the Internet.

    Apple Mac computers I believe are faster, run smoother and never have a problem with Viruses.

    The Emails your receive that are passed on Funnies that you get from someone that has also sent these Emails to everyone in their address book unknowing the real possibility nor risk as they do it in good faith not realising the risk to others they care for.

    These corrupt Emails are what they refer to in the trade as Used Condom Emails because they are passed on from and to many people they can carry corruptions and spyware not only to your computer but also to other peoples computers. It is a bit like the Aid’s Virus for computers. They are a bit like the old “Chain Letters” in many instances.

    Normally if you say to someone ‘you know those funnies you receive and pass on could carry corruptions’ they can get a bit offended, still it is not said to offend just let people be aware of might be unknowingly happening, and that is the real danger in today’s world of electronic technology.

    The problem with all the Windows operating systems is just like a protective mother they are to over protective and in this very fact leave your computer open to attack. One feature of the windows operating system is a thing called “Remote Access” this allows anyone, anywhere in the world whilst you are on the Internet to log onto your computer. It is as if they are in your home sitting at your computer.

    Normally this system will only work if you give that person or persons electronic permission to access your computer. Best thing is to disable “Remote Access” on your computer, Unfortunately you may need to check it every second day as if a corrupt email or a link from a website may override and activate remote access allowing hackers into your system and stealing personal gear.

    Another thing that you never hear mentioned is about Keyboard Viruses, whilst remotely connected to one of these hackers across the world or a corrupt Internet website, everything you type on your keyboard, Names, Phone numbers, Passwords and login words, numbers or letters also Email Address can be recorded on some hackers computer.

    So the way to avoid this is when typing in private stuff use the Onscreen Keyboard you will find in Programsaccesoriesaccessabilities never have to type manually your password Etc. just click on the onscreen keyboard.

    Cheers

    Reply
  7. Dan

    December 4, 2012 at 8:45 am

    Wow Ian, I doubt reputable companies use these ploys. Anyway – no matter how you enter text, my understanding is it goes through a keyboard buffer. So if you use a usb keyboard, or onscreen keyboard or automated batch process to enter data, it still puts and pulls the data from the keyboard buffer — that is unless it has changed without me knowing it (which could happen). Those keyboard hacks also pull the data out of the keyboard buffer – so the other data entry routes won’t stop the hackers from reading your keypresses – since they are not actually monitoring the keyboard, but the keyboard buffer built into all computers.

    Reply
  8. Jabba the Cat

    December 4, 2012 at 8:53 am

    “Most of the viruses on the Internet are put there by the very people who sell virus programs and Internet security.”

    A comment based in true ignorance…

    Unfortunately many, many people believe this fallacy.

    Leo
    05-Dec-2012

    Reply
    • bill

      June 6, 2017 at 9:27 am

      A sign of ignorance – the length of the rant accusing everyone of evil.

      Reply
  9. Gabe

    December 4, 2012 at 9:11 am

    I just confirmed that Outlook 2010’s preview pane no longer shows new emails arriving. I checked the “Inbox” and the “Unread Mail” view. It maintains the selection of the last email you viewed not the one that just arrived. Of course, there may be a way of overriding this but I haven’t looked into it.

    Reply
  10. Kevin

    December 4, 2012 at 9:27 am

    Wow as someone said!!!..But I always assume the worst…So what to do??….Being very very careful helps a lot and may be the best at the moment.

    Reply
  11. Patrick C

    December 4, 2012 at 9:48 am

    I loved reading the above. It confirms in a nutshell what I regularly tell family and friends re. (e-mail) viruses but which some of them seem not to accept or willing to apply.
    One off the things I keep repeating is along the lines you suggest:”So LINUX for Internetting and Windows XP for everything else but never connecting to the Internet.
    Apple Mac computers I believe are faster, run smoother and never have a problem with Viruses.”
    I have one remark and one question:
    1. About Linux running OK alongside Windows (which is more vulnarable) and keeping both seperated with regard to internet access, I’m inclined to agree. But all too many people are so used to Windows… It is as if they are brainwashed and consider Linux to be an unsurmountable obstacle.
    2. However, saying that Macs never have problems with viruses is a very strong statement, so strong that I find it hard to believe… Could you explain why that should be so? Technically I see no way how or why Apple Mac could be totally invulnarable to viruses (or other malware). Each time some one confronts me with that kind of statement, I’m at a loss for a really correct answer. I’ll appreciate your views on this. Kind regards, Patrick.

    Reply
  12. connie

    December 4, 2012 at 1:56 pm

    @Patrick C,
    Linux and Macs are probably just as vulnerable to viruses. It’s just that the majority of computers are Windows, so hackers and scammers target their energy to those.

    Leo wrote a good article on that: Are Mac’s inherently safer?

    Reply
  13. Rick Sos

    December 4, 2012 at 2:32 pm

    Yup those attachments can be deadly. A month ago I decided to click on an attachment. Half an hour later I noticed my anti virus had been shut down. Not sure if I had restarted it or not during that period. I did a scan and sure as God made little green apples I was infected. With the virus removed I felt better for about ten minutes then that voice that was telling me not to click on the attachment in the first place said check again.

    I restarted the computer and scanned and sure enough it was back. I removed it with an Avira rescue disk and did an all files scan with MalwareBytes and all was well after that.

    All that time spent scanning was my own fault. I didn’t listen to my inner voice. lol.
    I invited the darn thing into my computer. I didn’t listen to my own advice. Hahaha.
    Now if I’m not sure I just open them with Linux.

    Reply
  14. johnbots

    December 4, 2012 at 9:06 pm

    As always, a well written, informative article. Thanks

    Reply
  15. Tom

    December 4, 2012 at 10:31 pm

    For all that’s said and written about malware, viruses et al and the billions that must be being spent on fighting it, I personally wonder just what it is that goes on in the sick little minds that create and dispatch this muck out into the ether.

    It’s not even as if the could get their kicks out of watching the dismay on people’s faces when they realise that their computer is sick. They can only imagine it. Truly weird people.

    Reply
  16. Mitch MacKay

    December 5, 2012 at 12:27 am

    Having to copy & paste to send articles is the necessary workaround in lieu of attachments. Recently some reliable contacts’ names and addresses have been hacked and attachments forwarded through those email addresses, which though only spam cause some disruption in email
    function. That implies some cautionary scrutiny into even known contacts. Attachments are definitely the devil’s playground.

    Reply
    • bill

      June 6, 2017 at 9:29 am

      The other thing is to describe the attachment and how it connects you to the recipient.
      Spammers who are sending out millions of copies of the same item to names on their list cannot personalize it.

      Reply
  17. Mark Jacobs (Team Leo)

    December 5, 2012 at 4:59 am

    @Tom
    Almost all virus activity has shifted from the kicks hackers get from creating a virus, to malware that is used for illicit commercial purposes such as stealing credit card and log in information, and spam bots etc.

    Reply
  18. Jabba the Cat

    December 6, 2012 at 12:39 am

    The other great myth, again based in ignorance, is that the are no viruses or malware that will run on a Linux platform…

    Reply
    • bill

      June 6, 2017 at 9:32 am

      Security through obscurity is only great if you are obscure enough. I bet there aren’t any viruses currently out there for the TI-994a computers but there are a lot (numerically rather than percentage) of Unix based computers.

      I know Mac users that believed that they couldn’t get viruses and others that knew they could but that there were fewer of them out there.

      Reply
  19. jerry thomas

    December 6, 2012 at 6:45 am

    Why can’t my ISP filter out malware before it gets to me??…..jt

    Particularly in the case of email, many try. Gmail is a great example. But no solution is 100% secure and your email providers and ISPs face a much larger backlash when they accidentally prevent you from getting something legitimate, so they tend to be conservative.

    Leo
    08-Dec-2012

    Reply
  20. Vesa Koistinen

    January 15, 2014 at 9:44 pm

    This is an old discussion thread, but I want to tell what happened to me a few years ago: I was fool enough to open an e-mail from an unknown source, and it contained just some code (computer language) plus a brief threatening message in plain English. No attachment or link. But just by opening that message I got a worm infection. I got rid of it by restoring a backup. Hopefully such things do not happen nowadays.

    Reply
    • Mark Jacobs (Team Leo)

      January 16, 2014 at 3:11 am

      That’s one of the things that’s no longer a problem with modern mail programs.

      Reply
      • Vesa

        January 16, 2014 at 6:13 am

        OK, got it. Thanks, Mark !

        Reply
  21. Noel

    January 23, 2014 at 5:20 pm

    Hi-I did read the article, and while I understand that just opening an email will not infect my computer….I opened an email on my phone (I have a basic phone with no internet unless I pay for it (but I think Verizon gives you some ability to open emails/send emails from my phone since I am able to email)—Anyway, the opened email had no content that I could see and since someone has been stalking me (police involved) I am concerned that this person somehow sent me a virus that can track my texts or even listen to my conversations….is this possible or am I being completely paranoid?? Any information on this would be greatly appreciated-thank you.

    Reply
  22. Peter

    January 24, 2014 at 1:11 pm

    Hi,
    This is old discussion, but read following:
    I received email with attachment fax.zip in my Outlook. I clicked on email to see it. Than I just selected (not double clicked) fax.zip file and Symantec protection alert pop up that it detected Malware infection and deleted fax.zip plus 10 other files (for example: C:\users\Peter\syswow64\wsnpoem\audio.dll)
    My Outlook is set to ask me if I want to preview any files in reading pane. I didn’t double click on zip file in email, just selected it. If I do same with any other file, outlook would ask me: Are you sure you want to preview??
    So, did just selection of the file initiated file execution?
    Thanks

    Reply
    • Mark Jacobs (Team Leo)

      January 24, 2014 at 1:48 pm

      Outlook has safeguards to not initiate execution. If it is executable, it will warn you and ask if you want to execute it anyway.

      Reply
      • Peter

        January 24, 2014 at 2:07 pm

        I know, but how come Symantec found another 10 files (for example: C:\users\Peter\syswow64\wsnpoem\audio.dll) already at my pc with attached file. As soon as I selected attached file, Symantec alert popup: Found malware Trojan.zbot. and list of deleted files and restart required.

        Reply
      • LadyQ

        July 27, 2014 at 3:53 pm

        It seems you did not answer the question. If he did not double-click on the link, how could there already be 10 files on the computer? Or – why did Symantec delete files that were NOT part of the e-mail? Thanks. This site has been helpful to me.

        Reply
        • Mark Jacobs (Team Leo)

          July 28, 2014 at 8:28 am

          If an email contains malware, an AV program will find it, but modern email programs won’t execute the malware.

          Reply
  23. ylsi

    January 7, 2015 at 4:14 am

    Hi,
    sorta related on Vesa Koistinen’s comment, what if a person sending email via infected device (PC with virus or smartphone with virus for example –let say, the viruses are computer virus and smartphone virus), not inserting any attachments at all, does the email bring the virus?

    Reply
    • Leo

      January 7, 2015 at 8:22 am

      Viruses are usually attachments, but they;re often also transmitted by links in the email that people click on.

      Reply
  24. Ylsi

    January 7, 2015 at 11:49 pm

    Thanks for your reply, Leo..

    Here the case:
    I open/read a plain email (only text, no attachments at all, no links written) which is sent by infected PC/smartphone. As you said, “You cannot get infected by just looking”,
    I assume I won’t get infected by that email and the email doesn’t bring/spread any viruses from the infected PC, right?

    Reply
    • Mark Jacobs (Team Leo)

      January 8, 2015 at 1:40 am

      As the article says, you should be OK in this case.

      Reply
    • Leo

      January 9, 2015 at 8:15 am

      You won’t get infected by looking. “won’t bring” is too vague a term. When the email is downloaded to your PC there may, indeed, be viruses in the attachments it carries. As long as you don’t cause those attachments to be opened, then you won’t get infected.

      Reply
      • Ylsi

        January 10, 2015 at 4:29 am

        @Mark Jacobs and Leo:
        Thanks for your answers..
        Ok, as long as I don’t open any (suspicious) attachments/don’t click any (suspicious) links. I’ll be fine.

        Reply
  25. Tom

    May 19, 2015 at 9:37 pm

    Recently I have been seeing emails with .zip attachments that activate a trojan from the .zip header just by previewing it, without even unzipping the malicious file. This is worrying.

    Reply
  26. Mitar

    February 13, 2016 at 2:32 am

    Hey everybody.

    Today I received an email in my Gmail account from a strange sender I didn’t know. I opened it and it contains a picture. As you know it is by default not shown in gmail. I press the “display the image” option and in the picture there was a suggestion to open a link which I didn’t click. But I’m so worried that even by displaying that image I might be infected by the virus. I opened it first in my Android phone but even in my mobile phone I didn’t press the display image button. I then opened it on my laptop and as I told you I press the display the image button. Do you think now I’m in danger of being affected by any virus. unfortunately I have no antivirus not on my mobile phone nor on my laptop.

    regards

    Reply
    • Mark Jacobs (Team Leo)

      February 13, 2016 at 8:03 am

      Displaying an image in an email won’t invite a malware infection. It does, however, notify the spammers who sent it that your email is a live address and may open you up to more spam.

      Reply
    • Leo

      February 13, 2016 at 11:48 am

      Simply displaying a picture would not infect you. At worst you may just get more spam.

      Reply
  27. Goatlips

    March 18, 2016 at 8:53 am

    *Anymore
    e.g. Do you have any more apples? No, we don’t sell apples anymore.

    Any more = amount; Anymore = time.

    Reply
    • Mark Jacobs (Team Leo)

      March 18, 2016 at 9:38 am

      Thanks, fixed.

      Reply
  28. Helmut Merkel

    April 30, 2016 at 9:58 am

    Hi Leo. I read your article already a few weeks ago, and all what you said made sense to me – as is the case for all the other articles you published by now, and I have read many of them.

    But in a German newsletter, which I subscribed to and which came from the highly regarded (I’ll translate into English, the official name is in German) “German Federal Bureau for Security in IT” I read something on 28 April 2016 that really made me nervous. After that I posted my concerns on http://superuser.com/questions/1071213/can-you-get-a-virus-simply-by-opening-an-email (not sure if I’m allowed to post this URL here!), so if you like you can read the details there, it doesn’t make sense to just copy & paste all my statements from there to here – in case I’m supposed to do that, let me know.

    So my question: Do you still stick to your statement “You cannot get infected by just looking”, even in 2016?

    Reply
  29. P. R. Affenpinscher

    May 13, 2016 at 12:30 pm

    I would like to alert folks that some spam emailers are able to defeat your mail settings to not show images from unknown senders. Recently Verizon switched residents of my state from Yahoo to AOL Mail and images are being shown in spam emails despite being set not to. I have switched off the preview pane in AOL mail and will see if this works but wanted others forced by Verizon into AOL to be aware.

    Reply
  30. bob

    February 27, 2017 at 9:40 pm

    What about looking at source code- or message source? Is that a safe way to check out an email before decidign whether to open or not?

    Reply
    • Mark Jacobs (Team Leo)

      February 28, 2017 at 7:02 am

      Viewing the source code would be safe, but if you read the article carefully, you would have seen that modern email programs offer adequate protection, so there’s no need to do that..

      Reply
    • Leo

      February 28, 2017 at 9:24 am

      Looking at message source should be safe.

      Reply
  31. Mark Jacobs (Team Leo)

    June 3, 2017 at 8:56 am

    “Never open an attachment unless you expect it, you’re positive you know what it is, and you trust the sender.
    Never click on a link in an email message unless you’re positive you know where it’s going, and you trust the sender.”

    Those 2 points can’t be stressed enough. An spammer can sent an email with a malware attachment or link and make it look like it came from a trusted contact. So I’d say trusting the sender is not enough. Just don’t open any attachment unless you were expecting it, even if it comes from a “friend”.

    Reply
    • Ray Smith

      June 3, 2017 at 11:00 am

      “Another layer of protection is to set Windows File Explorer to turn off hide extensions for known file types. ” – Or a company. Fake invoices are a pretty popular popular ways of spreading malware and some of the emails can be very convincing.

      Reply
  32. Mark Jacobs (Team Leo)

    June 3, 2017 at 9:33 am

    Another layer of protection is to set Windows File Explorer to turn off hide extensions for known file types. It’s a stupid default which allows hackers to disguise executable files as .jpg or .pdf etc.

    Gmail is great for this, as it refuses to send or receive emails with executable files, even hidden within .zip or .rar files. If you ever need to send an executable file in Gmail, change the extension and tell the recipient to change it back to .exe. That way they’ll also know that you’re are sending them the file and you can let them know what it is. A better method, however, would be to send it via Dropbox or OneDrive etc.

    Reply
    • Mark Jacobs (Team Leo)

      June 4, 2017 at 5:43 am

      Technically you are correct, but the average user or even tired experienced user might not pay attention to that.

      Reply
  33. Louis Govaert

    June 5, 2017 at 4:11 am

    Dear Leo,

    When I read all these comments I´m really astonished viewing that in the USA there are that much problems with viruses and malware.
    I´m living in Portugal (Europe) and I´m paying for Avast Premium and for having Malware Bites. I´m using also the protected browser from Avast
    and never have any problem with viruses or malware. The only thing that Malware bites is blocking are PUP´s….for the rest my computer is clean.

    From a map about risk zones in Europe it appears that Portugal seems to be in a low risk zone. Could that be the reason all is running that smoothly?

    Reply
    • Connie (Team Leo)

      June 5, 2017 at 8:06 am

      Low risk zone sounds like a reasonable explanation. I think it could be like the Mac vs. PC issue. Macs have been less targeted for viruses because they are a smaller market share, and so more work and less lucrative than PC’s to attack. I’m sure the US “Market” is much more lucrative, and thus we get more attacks.

      Reply
  34. Ron Kaplan

    June 6, 2017 at 8:36 am

    Why not add paypal as a method for folks to support your site?
    I started to do so today, but did not want to enter any credit card info.
    Just a suggestion…

    Reply
    • Leo

      June 6, 2017 at 10:06 am

      Paypal is absolutely one of the checkout options at my store: https://store.askleo.com

      Reply
  35. H Davis

    June 6, 2017 at 11:09 am

    I noticed the ad for the CyberPower Intelligent LCD Series UPS in the latest newsletter that lead me here. While I’m sure it’s a fine product it suffers from what I consider a near fatal deficiency; that is nearly all of its outlets are spaced close together. Unfortunately this is a universal affliction of these types of devices.

    I have found that a permanent supply of 1foot extension cords with a pass through plug on one end (like on Christmas tree light strings) are really useful in overcoming this problem. I have 5 wall wart type supplies connected to my UPS and it isn’t possible without these helpful little cords. You can either connect your wart to the end of the cord and still have the receptacle at the back of the plug available or in many cases you can plug the wart into the pass through plug if you have a conventional plug in the receptacles on each side of it.

    You can see what I’m talking about at: https://www.cyberguys.com/product-details/?productid=113741&rH=1214. I have no connection with these folks and Amazon has similar products from Ziotek.

    Now, of course, you have to decide if I’m a kook and have created a malicious Cyberguys link to lure you in to some malware trap. If you’re leery Google “power strip liberator” or Ziotek cords. Your choice.

    Reply
  36. johnpro2

    June 6, 2017 at 5:26 pm

    For dubious email links and attachments I sandbox the web browser(Chrome) using free version of Sandboxie or my email reader. (Outlook)
    I have not run a real time malware program since Microsoft stopped supporting Defender et al.
    I run Malwarebytes , Adwcleaner and Hijackthis every few months just in case. Nothing found for the last few years.

    Reply
    • Mark Jacobs (Team Leo)

      June 7, 2017 at 1:37 am

      None of those programs you mentioned are real antivirus programs. If you don’t run a real-time antimalware program, you might consider running a periodic antivirus scan with one of the popular free AVs such as Antivir, Avira or AVG,

      Reply
      • johnpro2

        June 7, 2017 at 2:41 am

        I realise this Mark 🙂
        The point of the exercise is to demonstrate, to myself at least, that malware normally requires some input from the computer operator.

        Reply
        • Mark Jacobs (Team Leo)

          June 7, 2017 at 6:27 am

          I hope you keep good up to date backups. Since the turn of the millennium, I’ve only got hit with malware twice. Not bad, but when hit it still would have been very serious. Both times, I simply restored from my backup. Even so an AV program is a good idea. The most effective malware sits on your computer quietly doing its damage like stealing passwords or sending spam etc. I

          Reply
  37. rob

    June 13, 2017 at 5:13 pm

    hi mark i opened an email and attachment on the computer at the local library,and then quickly deleted it, i suspect it could have had spyware in it. could it be possibly it has planted spyware on my home computer even though i opened and deleted it at the library?thanks rob

    Reply
    • Mark Jacobs (Team Leo)

      June 14, 2017 at 11:54 am

      Unless you accessed that email on your computer, it wouldn’t have infected your computer. In order to get infected you have to run that malware program on your computer.

      Reply
  38. Robert Reid

    June 23, 2017 at 2:51 pm

    https://www.digitaltrends.com/computing/powerpoint-malware-runs-with-only-a-mouse-hover/

    Reply
    • Leo

      June 24, 2017 at 2:40 pm

      Keep your software up to date. Vulnerabilities like this are quickly fixed.

      Reply
  39. Gareth

    September 27, 2017 at 7:36 am

    Hi Leo, I too opened an unknown email with no links or attachments via the yahoo mail app but am know a lot less worried thanks to your thread. I’m not the most computer savvy however with things like this so I have a few questions that I would appreciate you or your team could help me with.
    1 the message simply asked how I was and am i right in assuming that it was sent to verify if my email address was live so the source could send more emails in future?
    2 I clicked reply to see the email address it was sent from but didn’t actually send a reply. Was that OK to do?
    3 Does it matter how many times you open an email like that? and am guessing no?
    And finally…
    3 regarding AV programmes is avg free sufficient for protection or is Avg pro or similar programmes that you have mentioned in this thread essential?

    Reply
    • Mark Jacobs (Team Leo)

      September 27, 2017 at 9:06 am

      1. That’s a reasonable assumption.
      2. Unless you click send, it only creates the email and sends nothing to the spammers.
      3. Leo recommends the built in Windows Defender (or Microsoft Security Essentials for older versions of Windows), although he also has good words for AVG, Avast and Avira.

      The free versions find malware just as well as the paid versions. The paid versions have more features. You’d have to decide whether you find that you want those features. Personally I’m happy with Defender and the built in Windows firewall. I have Malwarebytes and a Avira installed, but not in real time scanning mode.

      Reply
    • Leo

      September 27, 2017 at 4:18 pm

      1. Probably, but it’s sometimes hard to know why spammers send some of the mails that they do.
      2. Probably OK yes.
      3. Nope.
      4. My anti-malware recommendations are here: https://askleo.com/what_security_software_do_you_recommend/

      Reply
  40. Brian Davis

    October 4, 2017 at 7:19 pm

    A small number of my email subscriptions have advertising feeds that are not controlled by the email sender, just like you see on many websites. Can you get malvertising problems from those? Due to that concern I allow Thunderbird to block the remote content in those messages.

    Reply
    • Mark Jacobs (Team Leo)

      October 5, 2017 at 2:20 am

      You wouldn’t get any malware from the remote site unless you clicked on that link and went to that website. Blocking remote content would further protect against even seeing that web content in your email. Most email programs and webmail sites automatically block downloading remote content. It’s a good idea to keep that block in place and on a case by case basis allow remote content from sites you trust.

      Reply
  41. H. Tucker

    April 23, 2018 at 9:02 am

    Leo wrote: “Viruses are usually attachments, but they;re often also transmitted by links in the email that people click on”.

    Can you elaborate on what happens when a link is clicked? Does just going to the site transmit viruses or malware or is further action (e.g. download) required?

    Reply
    • Mark Jacobs (Team Leo)

      April 23, 2018 at 10:24 am

      There are sites which can exploit vulnerabilities when you visit them.

      Reply
    • Leo

      April 23, 2018 at 11:05 am

      Both. Sometimes simply visiting the site is enough, depending on many things. More often, though, it’s a download that they somehow trick you into actually running. (For example a fake Adobe Flash update.)

      Reply
  42. James

    November 20, 2018 at 3:28 am

    I just opened an email message that my account was hacked and the name was my main email account, it said on the message that the timer starts when i opened the message, I am in trouble rn and I can’t calm down tbh, I just deleted it right after reading the message, there was no links or attachments to it, just a full message concerning about my email and such. It did actually knew my password though i already changed my password on before the hacker even send the message earlier

    Reply
    • Mark Jacobs (Team Leo)

      November 20, 2018 at 5:02 am

      It’s just a scam email. You haven’t been hacked.
      https://askleo.com/has-a-hacker-really-hacked-my-email-account/

      Reply
  43. James

    November 20, 2018 at 5:28 am

    Thank you for the reply, I can rest in peace now, well not literally but yeah
    The link you gave me is actually what happened with me earlier, thank you so much for linking that
    I will be more careful from the future.

    Reply
  44. ggram

    November 20, 2018 at 10:56 am

    Received an fake confirmation email saying “thank you for your purchase “ with a bunch of numbers , It looked off but I opened it and it automatically started a download I clicked off it fast . Has the phone been hacked ?

    Reply
    • Ggram

      November 20, 2018 at 11:02 am

      I did not click on a link just went to view email it had a blue download line right away

      Reply
  45. Ggram

    November 21, 2018 at 6:50 am

    Find anything on this sort of email ?

    Reply

Leave a reply:

Before commenting please:

  • Read the article. Comments indicating you've not read the article will be removed.
  • Comment on the article. New question? Start with search, at the top of the page. Off-topic comments will be removed.
  • No personal information. Email addresses, phone numbers and such will be removed.
  • Add to the discussion. Comments that do not — typically off-topic or content-free comments — will be removed.

All comments containing links will be moderated before publication. Anything that looks the least bit like spam will be removed.

I want comments to be valuable for everyone, including those who come later and take the time to read.

Cancel reply

Your email address will not be published. Required fields are marked *

Creative Commons License
This work by Ask Leo! is licensed under a
Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Additional information is available at
https://askleo.com/creative-commons-license/.

  • Terms
  • Ads vs. Recommendations
  • Reviews & Affiliate Disclosure