Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Do Gmail Preview Images Pose a Security Risk?

Question: My question is somewhat similar to what others have asked before, but this time, I explicitly want to talk about Gmail. As you 
know, some attachments show a thumbnail of its contents on the email footer. There are times that I receive legitimate emails by mistake, so I open the email to reply and notify about it. By doing that and by being able to see the 
preview thumbnail, am I putting my computer at risk of malware? I never download things that I’m not expecting, but I’m 
unsure if just having this “default preview” setting, I may actually be executing whatever there could be without really knowing it.

By now, it’s just good common sense to turn off images in your email viewer. That prevents spammers from using images embedded in a message to confirm that they’ve found a real email address where someone actually reads their email.

Attachments, on the other hand, are a little different. They typically make it to your inbox, and your security depends on your ability to distinguish between safe and unsafe attachments. By now, you should know only to open attachments that you know are safe.

Google occasionally includes preview images of your attachments. Because attachments can be dangerous and images are sometimes an invasion of privacy, is there an issue here?

Not really. In fact, it’s just the opposite. I’ll explain why.

Become a Patron of Ask Leo! and go ad-free!

Attachments and preview images

With Gmail, you are perfectly safe displaying attachment preview images for three reasons:

  • If it’s present, the image is not the attachment. It’s a picture of the attachment, but it doesn’t include any of the functionality of the attachment. One comparison might be the difference between a gun and a picture of a gun.
  • A preview image is created by Gmail. So the image itself is created by someone you trust, who already knows your email address is valid, and that you’re opening your email.
  • Gmail’s spam filter is extremely good. When you receive a message, Gmail analyzes whether or not the email contains a malicious attachment. If Gmail thinks it does, it’s going to put the message in your spam folder or warn you in some other way. That’s one of the reasons why I recommend Gmail so often. (And if there is a preview of the attachment, that preview remains safe – remember, it’s just a picture.)

The preview might actually make you safer

So the preview image itself is safe. When present, however, it can actually make you safer.

For example, you receive an email from someone with an attachment and Gmail displays that attachment with a preview. Perhaps it’s from someone you know, but you weren’t really expecting the attachment. Or maybe you were expecting it, but you’d forgotten.

Before you open the attachment, you glance at the preview. By displaying what’s inside the attachment, Gmail’s giving you more information that you can use to determine whether or not the attachment is something you trust and should open or something you should avoid.

Preview versus View using Google Docs

Attachment in GmailWhen it comes to attachments, Gmail also does something kind of neat. If the file you receive is a file type that Google recognizes, like say a Word document or a PDF file, Gmail will offer to allow you to view the actual document using Google Docs, their online application suite, instead of actually downloading the document to your machine.

By doing that, Google opens and decodes the document and then displays it in a separate browser tab or window as a web page.

This is typically a safer approach than downloading the document to your machine.

“View” is a good way of seeing the entire document full size with a little bit more security than actually downloading to your machine.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

2 comments on “Do Gmail Preview Images Pose a Security Risk?”

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.