How to safely open a suspicious email?



Robin S_
26-05-2013, 03:38 PM
Yes, I know well that the normal answer is 'You don't!' and I normally don't. However, in this case I have been trying to email a govt department which is renowned for its extreme tardiness. I sent an email a few weeks ago by their internal process (can't remember whether it was using a form or not) and today I got an email which I suspect is a response. The problem is that the sender is "Individuals email" and the subject is "Re: Send an Enquiry Form submission", which is very noninformative. It has no attachment. Telephoning them to check on its validity is out of the question as you could write a book while waiting for a human to answer (that is why I emailed them in the first place!) and the call is often disconnected after about 20 minutes of waiting anyway. So if it is a genuine reply I don't want to trash it as that would kill my enquiry and I would be back to square one.
I am sure I have read somewhere (? on this forum) that it is possible to quarantine an email and open it in a safe environment. Is that possible and practical? I don't use email preview as my understanding is that that can trigger an undesirable payload. My email is live scanned with Avast but that is probably not bulletproof (nothing was reported for this one).

Would be grateful for any help. TIA

Using Eudora client and Fastmail email service.

jayal
26-05-2013, 10:49 PM
I'm using O E - this works, rt click the email, properties, details, message source - read all about it

Billy T
26-05-2013, 11:26 PM
I screen all incoming mail through Mailwasher. It lets me read both the message itself and the full header information. I don't like any system that requires me to download an email before I can check it and the number of times that I found the sneaky xxxx.pdf.zip was quite frightening. On an allied matter, the recent burst of Australian-based scam emails that were using very good copies of genuine sites has now abated. At one stage they were coming in at two or three per week, and all were carrying the names of respected businesses, but thankfully Mailwasher revealed all.

Cheers

Billy 8-{)

wainuitech
26-05-2013, 11:31 PM
> I screen all incoming mail through Mailwasher. It lets me read both the message itself and the full header information. I don't like any system that requires me to download an email before I can check it and the number of times that I found the sneaky xxxx.pdf.zip was quite frightening. On an allied matter, the recent burst of Australian-based scam emails that were using very good copies of genuine sites has now abated. At one stage they were coming in at two or three per week, and all were carrying the names of respected businesses, but thankfully Mailwasher revealed all.
>
> Cheers
>
> Billy 8-{)

:+1:

Mailwasher is good for that.

Got one today that was meant to be from PayPal -- saying my account had attempted to be accessed three times and was now locked because of incorrect details and I was asked to log in to confirm my details, of course by the supplied link ;) . - Mailwasher actually showed the real address - completely fake / scam.

What's the FUNNY part is I DON'T even have a PayPal account :)

linw
27-05-2013, 09:29 AM
Don't know about Eudora but Thunderbird has a rt-click option called PrintPreview. I have used this to see doubtful content. Maybe Eudora has something similar?

dugimodo
27-05-2013, 09:40 AM
I think opening mail is relatively safe providing you don't click any links or run any attachments, using a web mail client is probably a little safer than a local client for suspect E-mail though. I think the worst risk is actually confirming your E-mail address is active by opening it and therefore getting more spam.

I read most of my e-mail on my phone or tablet for convenience and as a bonus I suspect most malicious mail targets Windows and is harmless to Android.

Iantech
27-05-2013, 11:16 AM
As it has no attachment, you should be ok to open it - as dugi said, don't click any links etc contained in the email - unless you know where they are going. I think you have been misinformed regarding the email preview window. "Preview" means just that, nothing is executed unless you open an attachment manually, however double clicking an email to read it in a separate window can automatically execute a malicious attachment. I have seen it happen and always recommend to my clients that they use a preview screen. A good AV programme should be able to detect and remove any threat anyway if it's doing its job properly.

1101
27-05-2013, 11:57 AM
Don't assume it would ever be safe to open it. There have in the past been security holes that only required autopreview to get infected.
Also depending on the email program & settings, some links embedded in emails MIGHT BE automatically opened (sort of)

Right click, preview, look at the sender's 'REAL' email address
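
The checks mentioned in the replies above (reading the message source, the sender's real address, a link that goes somewhere other than it claims, the xxxx.pdf.zip double extension) can also be run over the saved raw message without rendering it. This is an added example, not part of any poster's reply; the sample message, its placeholder domains, the extension list and the function names are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample (not the poster's message); every domain is a placeholder.
RAW = """\
From: "Individuals email" <noreply@dept.example>
Reply-To: helpdesk@other.example
Subject: Re: Send an Enquiry Form submission
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p><a href="http://login.other.example/verify">https://www.dept.example/</a></p>
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="statement.pdf.zip"

--b1--
"""

RISKY_EXT = {"zip", "exe", "scr", "js"}  # illustrative list, not exhaustive
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host(url):
    m = re.match(r"https?://([^/\s:]+)", url.strip(), re.I)
    return m.group(1).lower() if m else None

def inspect(raw):
    """Parse the raw source only; nothing is rendered, fetched or executed."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"]))
    findings = [f"from: display={name!r} address={addr}"]
    _, reply = parseaddr(str(msg.get("Reply-To", "")))
    if reply and reply.split("@")[-1].lower() != addr.split("@")[-1].lower():
        findings.append(f"reply-to domain differs: {reply}")
    for part in msg.walk():
        fname = part.get_filename()
        if fname:
            bits = fname.lower().split(".")
            if len(bits) >= 3 and bits[-1] in RISKY_EXT:
                findings.append(f"double extension: {fname}")
        elif part.get_content_type() == "text/html":
            for href, text in LINK.findall(part.get_content()):
                if host(text) and host(text) != host(href):
                    findings.append(f"link text {host(text)} -> {host(href)}")
    return findings
```

Calling `inspect()` on the text of a message saved from the mail client's "message source" view lists the same findings for that message.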

Paul.Cov
27-05-2013, 07:27 PM
This won't work if you're viewing it off a remote email server, but if you DL it to your local inbox, you can then disconnect from the net (pull the plug to be sure) and your system should scan the file.

As said above, risk is lower without an attachment, but still not nil risk.

I'd use something other than an MS product (if possible) to DL and read the email, since MS APIs get the most attention from hackers.

Despite using Mailwasher myself, I do not extend much trust in it, as it most likely takes the simple approach of using MS APIs again for easy access to the mail servers, so will share the same vulnerabilities (and maybe more) of any other MS app.

From what you've already described, I feel the message will likely be entirely benign.

Robin S_
27-05-2013, 11:14 PM
Thanks for the replies, peoples. I will do some follow-ups and report back (may be a couple of days before I get the chance).

Robin S_
28-05-2013, 02:08 PM
Problem solved - thanks again for the contributions. As I suspected it was a genuine reply with weird Sender name and Subject.

Jayal - tried your method with IE. I didn't get the same R click options (I clicked on the message listing in the provider's inbox, not in Eudora - is that the way you meant?) but I did get a Print option. In the light of info in other posts I decided it would probably be safe to try that (because it is not necessary to open the message to print it). Worked fine.

Linw - Eudora doesn't have the PrintPreview option you described.