
Does opening an email create a security risk?


25 replies to this topic

#1 JayJax

JayJax

  • Members
  • 710 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Lee's Summit Missouri
  • Local time:04:28 PM

Posted 05 September 2016 - 09:16 PM

I have had problems in the past with a Customer Survey pop-up that I was unable to resolve but somehow it seems to have "gone away". But today I got an email from "Amazon" that said it had a special offer for me. Since I do a lot of business with Amazon.com I opened the email and instantly regretted doing so because it was about a SURVEY and alarm bells started going off. It said to visit a link and there would be some kind of reward (another key word from the previous problem pop-up). I am very careful about URLs anyway but as this one seemed suspicious I hit the spam key and the email was removed to the spam folder. But now I am wondering if merely by opening the email I may have created a problem for myself.

 

Can someone give me an informed opinion about any possible ramifications?

 

I thoroughly despise scammers; they need to get a life, and I am convinced that had I been so foolish as to follow their URL it would have been to my later regret. I have a few pending issues with Amazon or I probably would have deleted the email straightaway. IT DEFINITELY was someone up to no-good because the to/from etc. was:

Date: Wed, 31 Aug 2016 19:16:26 -0700 (PDT)
From: Thank You! AMAZON <foxyreaver@gmail.com>
To: Great_REWARDS <great_rewards@googlegroups.com>
Cc: air_line@aol.com
Message-Id: <48cc7bce-45ec-47da-a39b-16f3184d57c9@googlegroups.com>

I hope it is okay that I posted the above information from the email.

 

  Anyway I am "concerned" and would appreciate enlightenment if anyone can help.   I do have Malwarebytes on my computer but I cannot tell if it runs in the background or not - I was thinking that it did.

 

I have two email addresses and one is with aol which I notice frequently lets spam thru whereas my other (gmail) catches almost all of it and I see the CC address above is also aol.

 

I have access to the entire email if needed - but it is in my spam folder.  I don't want to paste it here because I'm almost sure it contains harmful links/information.

 

I may try to contact Amazon.com to see if they have a spam department.


Edited by JayJax, 05 September 2016 - 09:33 PM.



 


#2 MoxieMomma

MoxieMomma

  • Members
  • 471 posts
  • OFFLINE
  •  
  • Local time:03:28 PM

Posted 06 September 2016 - 03:26 AM

Hi:

 

It sounds as if you have fallen victim to a spoof/phishing email scam.  In this case, it sounds like spear phishing.

The greatest risk would be from clicking the link. 

If you did not click the link, then you are probably OK.

>>>NEVER EVER open an email you do not expect, even if it comes from a sender you think you know.

>>>When in doubt, check the mail header before opening it.

 

As far as your Malwarebytes Anti-Malware, please click on the desktop shortcut icon.  Look at the ribbon at the top of the dashboard. It should say: Malwarebytes Anti-Malware Home (Premium) 2.2.1.1043.  If it says "Free", then, no, you do not have real-time protection.  MBAM Free is only a manual, on-demand scanner; there is no real-time protection.

Even with MBAM Premium, however, you still need a robust, real-time anti-virus (AV).  MBAM Premium is not an anti-virus, and is not a substitute for one.

 

While no security application can protect 100% of computers from 100% of malware 100% of the time, you might consider adding an additional layer of real-time support. Malwarebytes Anti-Exploit (MBAE) protects against the "how" of malware infection.  The Free version shields browsers and certain plug-ins.  The Premium version shields many types of programs by default and can be configured to shield your email client and any other internet-facing application.

 

There are also spam-filtering applications, such as Mailwasher Pro, that can help to filter these sorts of messages before they get to your computer. They provide a layer of security between your ISP or webmail server and your local computer.

 

Ultimately, however, the most important security component is the one between the chair and keyboard.

 

YES, Amazon does have a fraud-reporting department.  Sign in to your Amazon account. Click the "Help" tab in the ribbon at the top of the page.  In the search box, type "Report fraud". Click "Go". Click "Report a Phishing or Spoofed Email".

 

HTH,

MM


Edited by MoxieMomma, 06 September 2016 - 03:27 AM.
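
The header check recommended in the post above, applied to the header lines quoted in the first post. This is an added example, not part of the original thread; the brand and webmail domain lists and the reader address `me@example.com` are assumptions for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Header lines exactly as quoted in the first post of this thread.
RAW_HEADERS = """\
Date: Wed, 31 Aug 2016 19:16:26 -0700 (PDT)
From: Thank You! AMAZON <foxyreaver@gmail.com>
To: Great_REWARDS <great_rewards@googlegroups.com>
Cc: air_line@aol.com
Message-Id: <48cc7bce-45ec-47da-a39b-16f3184d57c9@googlegroups.com>

"""

# Assumption: domains each brand really sends mail from (extend as needed).
BRAND_DOMAINS = {"amazon": {"amazon.com"}}
# Assumption: free webmail providers a retailer would not send offers from.
FREE_MAIL = {"gmail.com", "aol.com", "yahoo.com", "outlook.com", "hotmail.com"}


def domain_of(address):
    """Return the lower-cased part after the last '@'."""
    return address.rpartition("@")[2].lower()


def in_domains(domain, allowed):
    """True if domain equals, or is a subdomain of, an allowed domain."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def header_findings(raw, my_address):
    """Return (code, detail) pairs for header traits typical of spoofed mail."""
    msg = message_from_string(raw)
    display_name, sender = parseaddr(msg.get("From", ""))
    sender_domain = domain_of(sender)
    findings = []

    # 1. Display name invokes a brand, but the address is not at that brand.
    for brand, domains in BRAND_DOMAINS.items():
        if brand in display_name.lower() and not in_domains(sender_domain, domains):
            findings.append(("brand-mismatch",
                             f"name says {brand!r}, address is at {sender_domain}"))

    # 2. Sender uses a free webmail account (a weak signal on its own).
    if sender_domain in FREE_MAIL:
        findings.append(("free-webmail-sender", sender))

    # 3. The reader's own address is in neither To nor Cc (list or Bcc blast).
    listed = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if my_address.lower() not in {addr.lower() for _, addr in listed}:
        findings.append(("not-addressed-to-me", ", ".join(a for _, a in listed)))

    return findings


if __name__ == "__main__":
    # "me@example.com" is a placeholder for the reader's own address.
    for code, detail in header_findings(RAW_HEADERS, "me@example.com"):
        print(f"{code}: {detail}")
```
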


#3 RolandJS

RolandJS

  • Members
  • 4,533 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:04:28 PM

Posted 06 September 2016 - 04:54 AM

Also do not have preview panes operating; leave such off.  [Family cat was "attacking" me earlier, now I can finish...]  Preview panes open each and every email, that's how the pre-viewing can take place.


Edited by RolandJS, 06 September 2016 - 05:02 AM.

"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#4 JayJax


Posted 06 September 2016 - 09:27 PM


Thanks for the information - I feel somewhat reassured since I most definitely did not follow the link. I checked and what I have is Malwarebytes anti-ransomware. I will definitely follow up with Amazon. Your link about spear-phishing provided useful information. I do have an account on Facebook but it is not for sharing personal or family information and it contains nothing about me personally. I did note recently (they are always changing the rules of the game (privacy) at Facebook) and one thing that stood out to me that I was unhappy with was that there was no option for keeping your email address private - it defaults to FRIENDS can see it. I have been thinking about dropping my FB account and here is yet another reason. I hate how they keep changing the rules - I think they do that to give you a false sense of security - I resent their changing things without notice; of course if challenged I'm sure there's a clause somewhere that says something that they would point to if challenged. IS IT REALLY WORTH THE HASSLE AND THE RISK? Probably not. I am SO GLAD I no longer use this for family matters. Thanks for the heads-up and food for thought/serious contemplation.


Edited by JayJax, 06 September 2016 - 09:36 PM.


#5 JayJax


Posted 06 September 2016 - 09:46 PM

Thanks for your suggestions - I checked my email settings on AOL where this mail was delivered and I DO NOT have preview panes set to open.   I'm curious what the harm is in preview? 

 

Interestingly enough AOL frequently REMINDS ME to use my FREE SECURITY checks provided as part of my account.   Since they do a poor job of catching spam I have no confidence in their security offers and have never used them.   It seems it is unwise to trust anyone - but I do trust Bleeping Computer based on previous experiences because NO MAN IS AN ISLAND and sometimes you gotta trust/confide-in/confer with someone.  

 

Anyway, the old "methinks he doth protest too much" could be translated to thinking that AOL does write me too often of its concern for my security - and I am therefore suspicious of its multiple solicitations. Back in the day AOL had a bad reputation for refusing to close email accounts when requested to do so - I think if I recall there was a charge after the intro period and so by allegedly not closing it they could charge you. In fact it seems they ACTIVELY ARGUED if you said you wanted to close your email to the point of being obnoxious.



#6 JayJax


Posted 06 September 2016 - 09:49 PM

I wanted to add that I searched for that email address (foxyreaver) and found that they had complaints about similar messages about other companies than Amazon.

 

I'm wondering IF I somehow managed to contact Google if they would be interested that one of their email addresses is being used for nefarious purposes. But if I recall they are extremely hard to reach so not sure it's worth the effort.



#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:28 PM

Posted 07 September 2016 - 06:12 AM

Most viruses, Trojan horses, and worms are activated when you open an attachment or click a link contained in an email message. If your email client allows scripting, then it is possible to get a virus by simply opening a message. It's best to limit what HTML is available in your email messages. The safest way to view email messages is in plain text.

US-CERT Virus Basics FAQs: Can I get a virus by reading my email messages? How can I avoid a virus infection from email?

..."drive-by emails" ...infect machines without having to open an attachment, download a file or click on a link. Simply opening an e-mail to read it is enough of a gateway for Trojans and other nasties to invade...The malware...consists of HTML e-mails containing a JavaScript that automatically downloads malware the moment it's opened

You can now get infected by opening an e-mail

Opening HTML or plain-text messages from unknown senders is just as dangerous as opening e-mail attachments from strangers. While most people may know not to open e-mail attachments, many don't realize that dangers can lie in the body of an e-mail as well. HTML e-mail or messages that contain embedded photos are just as dangerous. Embedded images and PDFs can contain malicious code that is harmful.

The 10 Most Dangerous Things You Can Do Online!

Opening...malicious word document will infect you if Macros are enabled and simply previewing it in windows explorer or your email client might well be enough to infect you...Do not open word docs received in an email without scanning them with your antivirus first and be aware that there are a lot of dodgy word docs spreading that WILL infect you with no action from you if you are still using an out dated or vulnerable version of word...

Malformed or infected word docs with embedded macro viruses

If you accidentally click a link in a suspicious email be aware of drive-by downloads. When you open a malicious or compromised web page, malicious code can download in the background and be installed on the computer without your knowledge. To learn more about this method of infection, please read Anatomy of a drive-by download web attack.


You may also want to read this BC Discussion topic...Can you get infected just by opening suspicious email?


Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
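
The point made in the post above about scripting and embedded images in HTML mail can be checked without rendering a message. This is an added example, not part of the original thread: it reduces an HTML body to plain text and lists the constructs that act when a message is opened. The sample body and its example.net hosts are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample body (not from the thread); hosts are under example.net.
SAMPLE_HTML = """\
<html><body onload="track()">
<p>Dear customer, complete our <b>survey</b> for a reward.</p>
<a href="http://rewards.example.net/claim">www.amazon.com/offer</a>
<img src="http://img.example.net/open.gif?id=123" width="1" height="1">
<script src="http://cdn.example.net/s.js"></script>
</body></html>
"""
# A host name at the start of visible link text, e.g. "www.amazon.com/offer".
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})")

def host_of(url):  # host of a URL without a leading "www.", "" if unparsable
    try:
        return (urlparse(url).hostname or "").removeprefix("www.")
    except ValueError:
        return ""

class MailTriage(HTMLParser):
    """Collects readable text plus (kind, detail) findings; executes nothing."""
    ACTIVE_TAGS = {"script", "iframe", "object", "embed", "form"}

    def __init__(self):
        super().__init__()
        self.text, self.findings = [], []
        # depth inside <script>/<style>, href of the open <a>, its visible text
        self._hidden, self._href, self._shown = 0, None, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in self.ACTIVE_TAGS:
            self.findings.append(("active-tag", tag))
        for name in attrs:
            if name.startswith("on"):          # onload, onclick, onerror ...
                self.findings.append(("event-handler", f"{tag} {name}"))
        src = attrs.get("src") or ""
        if tag == "img" and src.lower().startswith(("http://", "https://", "//")):
            self.findings.append(("remote-image", src))   # fetched on open
        if tag in ("script", "style"):
            self._hidden += 1
        if tag == "a":
            self._href, self._shown = attrs.get("href") or "", []

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._hidden:
            self._hidden -= 1
        if tag == "a" and self._href is not None:
            shown = "".join(self._shown).strip()
            m = HOST_IN_TEXT.match(shown.lower())
            if m and m.group(1).removeprefix("www.") != host_of(self._href):
                self.findings.append(("link-mismatch", f"{shown} -> {self._href}"))
            self.text.append(f" [{self._href}]")   # show the real target
            self._href = None

    def handle_data(self, data):
        if not self._hidden:
            self.text.append(data)
            if self._href is not None:
                self._shown.append(data)

def triage(html):  # returns (plain_text, findings) for an HTML mail body
    parser = MailTriage()
    parser.feed(html)
    parser.close()
    return " ".join("".join(parser.text).split()), parser.findings
```
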


#8 MoxieMomma


Posted 07 September 2016 - 06:29 AM

Hi, @JayJax:

 

@quietman7 has provided the best, most comprehensive and authoritative reply to address the subject, bar none.  I suggest following the advice there...

 

You wrote:

 

I checked and what I have is Malwarebytes anti-ransomware.

 

Please be aware of the following:

  • MBARW-BETA is a BETA tool that should not be used in a production environment (in other words: on your main computer), as advised HERE
  • There is a NEW BETA (BETA 8) released yesterday
  • MBARW-BETA is one specific and specialized tool to prevent certain types of malware.  If you want broader, real-time anti-malware and/or anti-exploit protection alongside your AV, then you'll need MBAM (Malwarebytes Anti-Malware) Premium and perhaps MBAE (Malwarebytes Anti-Exploit), or similar applications from different software vendors
    • MBAE Premium can be configured to shield your email client (and any other internet-facing application)

Cheers,

MM



#9 RolandJS


Posted 07 September 2016 - 12:26 PM

My previous post about preview panes is woefully incomplete!  There are many factors to consider; simply follow Quietman7's advice in his informative posts -- you cannot go wrong!   :)

 

Here is what I was thinking about during my earlier post: long ago, when viewing emails as HTML became possible and popular, there was a smattering of "web bots" which could be activated purely by opening an email containing such "web bot[s]" -- my Norton Anti-Virus shut down a remaining piece or two of those "web bots". Not knowing just how many and what kind of "web bots" still exist -- I have my preview pane function inactive.


Edited by RolandJS, 08 September 2016 - 09:26 AM.


#10 JayJax


Posted 08 September 2016 - 02:09 PM

 


Thank you, this is all very important information to be aware of and I plan on sharing it with others - they are always ceaselessly working to take advantage of others any way they can. Alarming but KNOWLEDGE IS POWER. Thanks again!



#11 JayJax


Posted 08 September 2016 - 02:11 PM

Thanks very much I appreciate all this information - all of us out here need to be aware - and I guess they are always looking for new ways to get to us.   I wish they would get a life, take a hike and leave me alone but NOT LIKELY!



#12 JayJax


Posted 08 September 2016 - 02:15 PM



Thanks for your diligence in clarifying your response.    I appreciate all your help and recommendations - the time to avoid trouble is BEFORE it happens - makes sense to me.



#13 quietman7


Posted 08 September 2016 - 04:01 PM

You're welcome on behalf of the Bleeping Computer community.

#14 JayJax


Posted 09 September 2016 - 11:01 AM

You have motivated me to investigate NoScript for my email (I primarily use Firefox) and see that there are many add-ons offering some form of No-Script and see that NOTHING IS SIMPLE.   How do I choose the right one?   I know just enough to be dumb - maybe I am my own worst enemy thinking I know enough to be cautious and in the process of being cautious add on something that does what I'm trying to avoid.   Just because something is an add-on on Firefox does not vouch for its safety does it???



#15 RolandJS


Posted 09 September 2016 - 11:39 AM

NoScript, with a little input from you now and then, works just fine! I've been using it for years. Adblock or uBlock [the EZ-to-use one] also work well -- for blocking ads and most popups.




