Can you get a virus from opening an email?

Can you get a virus from opening an email?

Since the rapid evolution of the Internet, viruses and malware software have become an increasing hindrance for the comfort and safety of users navigating the world wide web. Among all the ways of how your PC or device can become infected, email is one of the more frequent methods for distributing viruses. Email Malware Distribution (or EMD) the method used by hackers to spread malware by sending it via email (in hopes that users will access its content). 

Before we jump in, remember that it is a thing of the past to get infected just by opening an email. The “click and open” action will not lead to getting your device infected in today’s realities since there are many ways to battle viruses. Still, sometimes less tech-savvy users have questions or confusion regarding how to deal with email viruses. Don’t worry we got you covered.  

How did computers get infected with viruses in the past?

For context, people always enjoyed chatting via text messages. Writing emails was a more complex and personalized way of doing so. And since we didn’t have the data plans with close to unlimited bandwidth from our telecommunication providers, sending an email was a mainstream way to send texts. Throughout the start of the email messaging age, folks started to exchange information and communicate frequently with text messages. The market for email services was developing. In a world where the email communication market was growing, there appeared the desire for personalization of content.

Simple texts were not enough – consumers wanted varieties, companies and advertisers needed more unique selling points and content (image placement in emails, videos, colors). So email service providers delivered on what customers wanted. Enter HTML and JavaScript. By including the HTML format to emails ( the same format web pages use) they incorporated an entire system that made the email similar to a web-browser application within the client. Users could navigate the HTML email message as if it was a web site. Text color variety, content all became available and simple text messaging evolved via code. Speaking of code, emails ran JavaScript. Java is a programming language that allows the automation of many things and in its earlier days, hackers used this tool (integrated into emails) to cause a lot of issues. To illustrate an example that was quite famous, Windows Outlook (remember Windows 95) ran the Java scripts automatically, an email didn’t even need to be opened. Just by previewing (clicking), the email would automatically open that dynamic HTML email. It contained viruses of various complexity and sizes (Trojan and worm malware) and entered the system. The spread from one PC to another happened via the forward button and since not a lot of users were informed back then, you can imagine how easily a virus could infect a lot of hardware – “I’m just going to send this interesting email to my friend here”.

Emails and viruses today

Today JavaScrip and email clients don’t go well together, so this programming language isn’t used anymore in emails. There are no more easily accessible scripting solutions for hackers and as a result, a lot of pre-load or preview of content that loaded automatically (as hackers wished) came to a stop. Not only this, but in our interconnected cloud-oriented digital world, solutions to malware and security programs are much quicker resolved by companies. The JavaScript, HTML mix vulnerability was fixed, but unfortunately, hackers also have got access to many tools to bypass systems. We will list a few techniques utilized today. Most have security measures to counter them, but it is good to stay informed.

One example is when email hackers use the “press this link to access” option meaning if you are not careful enough, opening a link can lead to inconvenience. Some links are embedded, meaning they appear with an image or attractive messaging in order to further lead you to open the website. Nonetheless, a lot of these links are considered as a “threat” by your browsers so there are multiple security checks, that can mitigate human error. Stay safe!

Attachments from untrusted sources can also pose a threat. Be aware of suspicious, .zip files or data that requires download from your email to your device. The simple solution is to simply permanently delete such messages from your email service provider (Gmail, Outlook, Thunderbirds, etc.). In the worst-case scenario, that is if you actually downloaded an opened infected file, make sure to have a reliable antivirus program that can detect, quarantine and permanently remove the threat from your computer or device. Most antiviruses are also integrated with your browser (Chrome, Firefox, Explorer, Opera), which means extra protection from malicious cyber intent.

Last, but not least, a common method that hackers use is called Phishing – remember websites that once opened immediately send you to a page where “all you need to do” is enter your credentials and credit card number? In the context of internet security, phishing is coupled with social engineering that utilizes the basic psychology behind the human mind, manipulating it to make users open emails. “You just won the prize!” or “Claim your reward!”, “Give us your account so we can transfer money to you!”, are just a few examples and messages that you should be aware of in this day and age. Pay close attention to a link’s name (it is “Paypal”, not “Paypaly”), enable two-step verification linked to your mobile device to stay double protected. Recognize threats by examining the contents of the entire email carefully for signs of anything unclear, whether it is an unknown sender, typos, or content discrepancies that make an email look unrealistic.

Internet security know-how

  • Emails are not the only way hackers spread malware in the digital day and age. Some of the more complex approaches are infected torrent downloads, malicious, websites that push your hardware to automatically download data (i.e.document), Wi-Fi hotspot strikes (accessing your device by breaking the security of a public Wi-fi connection), viruses located on USB or storage devices (hard disks, memory cards).
  • Update your Operating system (Windows or Linux) with the latest security options such as antivirus programs, Windows defender updates, etc. Make sure they are integrated with your internet browser.
  • Be wary of unsecure, suspicious websites sites that post an excessive amount of pop-ups, suspicious click-bait ad placements, vague content description.
  • When using public Wi-fi spots, be sensible on the websites you use. Try to stay clear of websites that have your personal data, bank account, etc. As a rule of thumb, Paypal or other secure relevant services should be accessed from personal or more secure connections than public Wi-fi spots.
  • Don’t save your credentials on websites that you don’t tend to use for longer periods. Remove the save password and login options from these websites.
  • Double-check for imposter websites as mentioned above (Paypaly vs Paypal)
  • Scan any suspicious data on your device using your antivirus or simply delete it if you are not feeling secure. This procedure is just as important when inserting and removing a USB or hard disk on your PC.
  • Nowadays using a credited VPN is a great source for additional security when browsing the internet
  • Train yourself to look for signs of unclear and dubious emails and avoid clicking on attachments or links included. 

Overall in terms of outcome –  protection today beats malware and you are safe as long as you remain vigilant of what emails you open and stay up-to-date with your security options on your device(s). Stay safe and for everything relating security and tech trends, keep Techfiddling.

Leave a Reply