Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Do Gmail Preview Images Pose a Security Risk?

My question is somewhat similar to what others have asked before, but this time, I explicitly want to talk about Gmail. As you 
know, some attachments show a thumbnail of its contents on the email footer. There are times that I receive legitimate emails by mistake, so I open the email to reply and notify about it. By doing that and by being able to see the 
preview thumbnail, am I putting my computer at risk of malware? I never download things that I’m not expecting, but I’m 
unsure if just having this “default preview” setting, I may actually be executing whatever there could be without really knowing it.

By now, it’s just good common sense to turn off images in your email viewer. That prevents spammers from using images embedded in a message to confirm that they’ve found a real email address where someone actually reads their email.

Attachments, on the other hand, are a little different. They typically make it to your inbox, and your security depends on your ability to distinguish between safe and unsafe attachments. By now, you should know only to open attachments that you know are safe.

Google occasionally includes preview images of your attachments. Because attachments can be dangerous and images are sometimes an invasion of privacy, is there an issue here?

Not really. In fact, it’s just the opposite. I’ll explain why.

Become a Patron of Ask Leo! and go ad-free!

Attachments and preview images

With Gmail, you are perfectly safe displaying attachment preview images for three reasons:

  • If it’s present, the image is not the attachment. It’s a picture of the attachment, but it doesn’t include any of the functionality of the attachment. One comparison might be the difference between a gun and a picture of a gun.
  • A preview image is created by Gmail. So the image itself is created by someone you trust, who already knows your email address is valid, and that you’re opening your email.
  • Gmail’s spam filter is extremely good. When you receive a message, Gmail analyzes whether or not the email contains a malicious attachment. If Gmail thinks it does, it’s going to put the message in your spam folder or warn you in some other way. That’s one of the reasons why I recommend Gmail so often. (And if there is a preview of the attachment, that preview remains safe – remember, it’s just a picture.)

The preview might actually make you safer

So the preview image itself is safe. When present, however, it can actually make you safer.

For example, you receive an email from someone with an attachment and Gmail displays that attachment with a preview. Perhaps it’s from someone you know, but you weren’t really expecting the attachment. Or maybe you were expecting it, but you’d forgotten.

Before you open the attachment, you glance at the preview. By displaying what’s inside the attachment, Gmail’s giving you more information that you can use to determine whether or not the attachment is something you trust and should open or something you should avoid.

Preview versus View using Google Docs

Attachment in Gmail When it comes to attachments, Gmail also does something kind of neat. If the file you receive is a file type that Google recognizes, like say a Word document or a PDF file, Gmail will offer to allow you to view the actual document using Google Docs, their online application suite, instead of actually downloading the document to your machine.

By doing that, Google opens and decodes the document and then displays it in a separate browser tab or window as a web page.

This is typically a safer approach than downloading the document to your machine.

“View” is a good way of seeing the entire document full size with a little bit more security than actually downloading to your machine.

Posted: May 9, 2013 in: Google Mail (Gmail)
Tagged: , ,
« Previous post:
Next post: »

New Here?

Let me suggest my collection of best and most important articles to get you started.

Of course I strongly recommend you search the site -- there's a ton of information just waiting for you.

Finally, if you just can't find what you're looking for, ask me!

Confident Computing

Confident Computing is the weekly newsletter from Ask Leo!. Each week I give you tools, tips, tricks, answers, and solutions to help you navigate today’s complex world of technology and do so in a way that protects your privacy, your time, and your money, and even help you better connect with the people around you.

The Ask Leo! Guide to Staying Safe on the Internet – FREE Edition

Subscribe for FREE today and claim your copy of The Ask Leo! Guide to Staying Safe on the Internet – FREE Edition. Culled from the articles published on Ask Leo! this FREE downloadable PDF will help you identify the most important steps you can take to keep your computer, and yourself, safe as you navigate today’s digital landscape.

My Privacy Pledge

Leo Who?

I'm Leo Notenboom and I've been playing with computers since I took a required programming class in 1976. I spent over 18 years as a software engineer at Microsoft, and after "retiring" in 2001 I started Ask Leo! in 2003 as a place to help you find answers and become more confident using this amazing technology at our fingertips. More about Leo.

2 comments on “Do Gmail Preview Images Pose a Security Risk?”

  1. “One comparison might be the difference between a gun and a picture of a gun.” Not a bad analogy, but kids have been expelled from school for having a picture of a gun 😉


Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.