Why is it dangerous to open a suspicious email?

There is a small risk of an unknown bug — or a known but unpatched one — in your mail client allowing an attack by just viewing a message.

I think, though, that this very broad advice is also given as a defense against some types of phishing scams. Social engineering attacks are common and can lead to serious trouble. Making sure people are at least suspicious is a first line of defense. It is like telling an elderly grandparent to never give their credit card info over the phone — okay, sure, there are plenty of circumstances where doing that is relatively safe, but when they keep getting scammed over and over, it's easier to just say: don't do it.

Likewise, not opening mail keeps you from reading about the plight of an orphan in a war-torn region who has unexpectedly found a cache of Nazi gold and just needs $500 to smuggle it out and they'll share half with you, and your heart just goes out, and also that money wouldn't hurt.... Or, while you know the rule about attachments, this one says that it's pictures of the cutest kittens ever, and how can that be harmful — I'll just click it and okay now there are these boxes saying do I want to allow it, which is annoying because of course I do because I want to see the kittens....


Not for Gmail, but for Outlook there have been a number of "preview pane" exploits where simply looking at the email is enough to compromise: Can malware be activated by previewing email in Outlook's Preview pane?


Even if nothing actively bad happens, many passively bad things can happen -- for example, you might view a one-pixel transparent image tagged with your email address that flags you as the kind of person who opens and reads suspicious email. Those are lists that you don't want to be on.
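The tracking-pixel behaviour described in the last answer can be checked for before a message is rendered. The following is an added example, not part of any answer above: it parses a constructed sample message, lists remote images that are one pixel or hidden, and reports whether the recipient's address appears in the image URL. The hostnames, the sample message and the size/visibility heuristics are assumptions.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

# Constructed sample message (not from the page); tracker.example is a placeholder host.
SAMPLE = """\
From: promo@shop.example
To: alice@example.org
Subject: Cutest kittens ever
Content-Type: text/html; charset="utf-8"

<html><body><p>Kittens inside!</p>
<img src="https://cdn.shop.example/banner.png" width="600" height="120">
<img src="https://tracker.example/o.gif?u=alice%40example.org" width="1" height="1">
<img src="https://tracker.example/p.gif?id=77" style="display:none">
</body></html>
"""

class ImgCollector(HTMLParser):
    """Collect the attributes of every <img> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.images = []
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append({k: (v or "") for k, v in attrs})

def is_tiny_or_hidden(img):
    """True for 0/1-pixel dimensions or CSS that hides the image (heuristic)."""
    dims = [img.get("width", ""), img.get("height", "")]
    style = img.get("style", "").replace(" ", "").lower()
    return any(d.strip() in ("0", "1") for d in dims) or "display:none" in style

def find_tracking_pixels(raw_message):
    """Return (url, tagged_with_recipient) for each remote tiny/hidden image."""
    msg = message_from_string(raw_message, policy=policy.default)
    recipient = msg["To"].addresses[0].addr_spec.lower()
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    parser = ImgCollector()
    parser.feed(body.get_content())
    hits = []
    for img in parser.images:
        src = img.get("src", "")
        if urlsplit(src).scheme in ("http", "https") and is_tiny_or_hidden(img):
            hits.append((src, recipient in unquote(src).lower()))
    return hits

print(find_tracking_pixels(SAMPLE))
```

A URL with only an opaque identifier (the second hit) can still be tied to one recipient on the sender's side, so a mail client that does not load remote images by default is the more reliable control.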
