We’re constantly warned not to click on suspicious emails, but simply opening one could be just as damaging.
As of March 2018, it’s estimated that almost 50% of all email traffic worldwide is unwanted spam.
While junk mail filters are usually pretty good at catching the most obvious spam, cleverly crafted phishing emails and a handful of spam messages occasionally manage to break through these filters and wind up in our inbox.
Of course, replying to one of these emails, clicking a link, or downloading any attachments included in the email can be a fairly risky affair, with many containing malware or leading to a phishing website.
While we’re all aware that interacting with a malicious or spam email can be potentially dangerous, many aren’t aware that simply opening a junk email for a few seconds can be just as dangerous and revealing as downloading that attachment.
What happens when you open an email
When you open an email, several things start happening in the background to allow it to display properly on your device.
Often, if an email includes pictures or resources – like special fonts – these are downloaded from the sender’s own web server. While many legitimate businesses use this to make more visually appealing emails, these techniques can be abused by fraudsters to find out more about you and your device.
The risk of such downloads is the reason images are often removed by your email program, as in this (perfectly legitimate) email to loveMONEY:
For example, when an email app opens a message with an embedded image, a lot of information is sent to the server that’s hosting the image.
This information can include an IP address, device type, operating system version, geographical location, screen size, device language, device time, and much more.
At first glance, the information sent from your device doesn’t seem as if it could be useful, but malicious parties can piece together the data in seconds and build up an accurate picture of potential victims – even if the email is deleted almost immediately after opening.
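The remote content described above can be listed from a saved message without opening it in a mail client. This Python example is added here and is not part of the original article: it parses a raw email and reports the URLs a client would fetch automatically, flagging 1x1 images as probable tracking pixels. The sample message, its host names and the 1x1 heuristic are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser

# Constructed sample message; tracker.example and cdn.example are placeholder hosts.
SAMPLE_EML = """\
From: deals@shop.example
To: reader@mail.example
Subject: Your weekly offers
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><head>
<link rel="stylesheet" href="https://cdn.example/fonts/brand.css">
</head><body>
<img src="https://cdn.example/banner.png" width="600" height="200">
<img src="https://tracker.example/o.gif?uid=constructed-id-123" width="1" height="1">
<img src="cid:logo@shop.example">
<a href="https://shop.example/deals">View deals</a>
</body></html>
"""

class RemoteContentFinder(HTMLParser):
    """Collects URLs a mail client would fetch automatically on open."""
    def __init__(self):
        super().__init__()
        self.findings = []  # (tag, url, is_probable_pixel)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        url = a.get("src") if tag in ("img", "script", "iframe") else (
            a.get("href") if tag == "link" else None)
        # Only http(s) URLs trigger a network request; cid: and data: do not.
        if not url or not url.lower().startswith(("http://", "https://")):
            return
        tiny = tag == "img" and a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
        self.findings.append((tag, url, tiny))

def audit_message(raw):
    """Return auto-loaded remote resources in every HTML part, without fetching them."""
    msg = message_from_string(raw, policy=policy.default)
    finder = RemoteContentFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return finder.findings

if __name__ == "__main__":
    for tag, url, pixel in audit_message(SAMPLE_EML):
        print(f"{'PIXEL ' if pixel else 'remote'} <{tag}> {url}")
```

Ordinary links (the `<a>` tag) are not reported because they are only requested when clicked, and the embedded `cid:` image is skipped because it travels inside the message itself.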
Gathering your information
Using the data gathered from an initial email, fraudsters can combine seemingly innocent pieces of data, such as IP address, time zone, and software version, to send a more tailored email in the hopes that it’ll grab a victim’s attention more than the initial bait email.
For example, an automatic email could be sent to targets who opened the initial email, live in London, and run iOS version 9 or lower, offering them a great deal on an upgrade at the local Apple store.
Making the email slightly believable (rather than “too good to be true” style deals) could entice a target into clicking a link and potentially giving away personal information – especially if it’s sent after the store is closed.
By relying on metrics, stats, and analytics, fraudsters can also gauge how successful a spam campaign is, whether an email address is active, how likely someone with a specific brand of phone is to open a fake email, or how many times a particular user opened their email.
This allows them to sell their spamming services to other criminals with a proven track record of how many potential victims they can get to open an email.
With the rise of phishing emails masquerading as legitimate companies, many businesses have started trying to gather intelligence themselves on what types of phishing emails are currently popular, or if the targeted customers share any similarities.
Often, these companies will ask for any suspicious emails to be forwarded on to their security team so that they can better understand the current threats.
While this practice should be encouraged if an email has been opened accidentally, it is worth noting that if the email in question contains a remote image or “tracking pixel”, this can gather information while it’s being forwarded.
More irritatingly, this can also confuse your spam mail filters if the suspicious email is moved back and forth between the junk mail folder and the inbox, or forwarded on, leading to more spam mail being delivered to the inbox.
How can I stay safe?
While fraudsters will continue to leverage every piece of technology available to them to get past junk mail filters and gather information as quickly as possible, there are still a few things we can do to fight back.
Here are some top tips on how to keep your inbox safe:
- Disabling “load remote content and images” can stop your email app from downloading images or scripts automatically when opening an email (as pictured above).
- Sending junk and malicious emails to the spam folder immediately, rather than just deleting, will train the spam filter to look out for similar emails and mark those as junk.
- If forwarding emails to Action Fraud, or a company for analysis, always forward as attachments rather than forwarding on directly.
If you receive a suspicious-looking email, contact Action Fraud.