Can open e-mail message be a problem?

[kaneohe]

I know you're not supposed to open attachments from links in e-mail
unless from trusted sources (and even then it could be bad guys masquerading as trusted sources) but can just opening an e-mail message
cause problems?

 

[Nuiloa]

Aloha

My IT guys tell me no. Opening an email is not the problem - opening the attachments can be a disaster.

 

[M Paquette]

I know you're not supposed to open attachments from links in e-mail
unless from trusted sources (and even then it could be bad guys masquerading as trusted sources) but can just opening an e-mail message
cause problems?

Sadly, yes. If you have a current antivirus setup running, make sure it is set to scan e-mails as well as downloads from your web browser.

The most common trick with e-mail currently is to include an image or PDF file that is constructed to cause what's called a 'buffer overrun', that is, it's designed to tickle an existing bug in image handling software to get your computer to execute some bit of code.

A close runner up is HTML mail, where opening the message may cause a new connection to the Internet to download some additional content, such as images, to complete the mail page. That content is corrupted in a way to exercise a bug as above.

Manufacturers of software are pretty good about patching these sort of problems with software updates. The attacks are usually aimed at somewhat older systems not likely to be patched.

 

[W2R]

I think it's good practice to just delete obvious spam e-mails without opening them. The IT people at my (former) agency didn't even want us to use the outlook preview pane in which you see inside a selected message while scrolling through the inbox.

http://answers.yahoo.com/question/index?qid=20100823081039AAAe0o1

 

[ERD50]

YES!

I gotta run, so can't provide links right now, but here is what can happen (and having 'preview' on counts as 'opening').

Bad guys send out emails with links back to a website (you see these all the time with real emails from real businesses - they link back to their sale pages, for example). But the link has a unique 'key#' assigned to it that hthey linked to your email address. If you open (or preview) the email, it accesses that site with the key#.

Now, the bad guys know that the email address is real, and that a real person looked at their email (because they know that key# accessed their site). You can count on lots more email from bad guys after this. This is true regardless your OS.

Other than that, I'm not aware that just opening can create other problems, but it might be possible.

I keep preview images off (you can still view the text), and don't open anything suspicious.

-ERD50

 

[ziggy29]

Just makes sure your e-mail client is not configured to open preview images or attachments automatically. You should use a default security settings that enables *none* of these things, and which force you to explicitly load or open them (and preferably straight to an anti-virus/malware program before running it).

 

[target2019]

Just opening an email can definitely be a problem. It is possible to include self-executing code in the email. However, most email clients in use have default settings to preclude this. In addition, the virus scanner most likely will trap the problem. Old versions of Outlook had this problem.

 

[kaneohe]

Thanks all for the replies. Sounds like the big problem is opening images and attachments. I don't do attachments and at times I have seen a message about images not being included for my safety........never knew whether this was the Mac doing that or the mail service...yahoo/hotmail. ..but better safe than sorry so I'll have to live with not reading the hello message from flower egg (who dat?) until I can get to the library.