Technology
Is just reading that sketchy scammer’s email dangerous or do I have to click on a link to get in trouble?
Are you worried about opening suspicious emails? You’re not alone. Many people are confused about the risks associated with spam and phishing emails.
That includes “Bill” from Groton, Connecticut, who wrote to us and asked, “Myself and my friends are unclear if we can get into trouble by clicking on a spam or hacker email…as long as we don’t open anything INSIDE the email … in other words … can we EVER get into trouble by simply reading any email ??? thank you if you can address this to your viewers … I think many are unclear about this.”
That’s a great question, Bill. Now let’s dive into this topic and clear up some common misconceptions.
I’M GIVING AWAY A $500 GIFT CARD FOR THE HOLIDAYS
Enter by signing up for my free newsletter!
Common misconceptions
Opening emails can instantly infect your device: One common myth is that simply opening an email can automatically infect your device with malware. In reality, modern email systems (such as Gmail, Outlook, etc.) generally prevent this from happening. The real danger comes from interacting with the content inside the email, such as clicking on malicious links or downloading harmful attachments.
Plain text emails are always safe: While emails in plain text format are generally safer than HTML-based emails, they can still pose a risk if they contain malicious links. Phishing attacks can appear in plain text emails, luring you to dangerous websites.
Emails from known contacts are always safe: Even if an email appears to come from someone you know, that doesn’t always mean it’s safe. Attackers can spoof email addresses or hack accounts, so always be cautious about unexpected or unusual messages from known contacts, especially those containing links or attachments.
Spam filters catch all malicious emails: Spam filters are highly effective but not perfect. Some sophisticated phishing and malicious emails can bypass these filters and land in your inbox. This is why it’s important to stay vigilant, even with emails that seem to have passed your email service’s security checks.
Previewing emails is always safe: Most modern email clients use a “preview” pane for quick reading. While the risk of malware through previews is significantly reduced in up-to-date systems, embedded trackers or other forms of data collection can still occur, confirming your activity to the spammer. Always disable automatic image loading or other active content features in your email client’s settings to minimize exposure.
CONTROL SPAM – HOW TO CREATE A QUICK ALIAS EMAIL ADDRESS
What to watch out for
As mentioned already, generally, simply opening an email is not enough to cause harm. However, there are some important points to consider:
1) Embedded trackers: Some spam or phishing emails contain trackers that can notify the sender when the email is opened. This can confirm to the spammer that your email address is active, potentially leading to more spam.
2) Malicious links and attachments: The real danger lies in clicking on links or downloading attachments within the email. These can lead to malicious websites or download malware onto your device.
3) HTML emails: Emails that contain HTML content can sometimes execute scripts when opened. While modern email clients have protections against this, it’s still a potential risk.
4) Phishing attempts: Even if you don’t click on anything, phishing emails can be designed to look very convincing and may trick you into providing personal information if you respond.
WHY AM I GETTING SPAM FROM MY OWN EMAIL ADDRESS AND HOW TO STOP IT
How to stay safe from suspicious emails
If you’re worried about receiving sketchy emails, there are several steps you can take to stay safe and reduce your risk of encountering malware or falling for scams. Follow these guidelines to protect yourself:
1) Avoid clicking links or downloading attachments: Never click on links or download files from emails you don’t trust. Scammers often use these tactics to direct you to malicious websites or install malware on your device. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.
2) Use a reputable email client: Choose an email provider that prioritizes security features like spam filtering and two-factor authentication to add an extra layer of protection for your account. Read more about secure and private email here.
3) Enable email filtering: Turn on spam filters to reduce the number of unsolicited or potentially dangerous emails reaching your inbox. This reduces your exposure to phishing attempts. Most email platforms these days automatically filter out what they assume to be “junk” into their own folder. If you notice the amount of spam getting through to your inbox increasing, you may want to consider a Spam Filter. There are free options for different email providers. For Gmail, try Mailwasher. For Outlook and Windows Mail, try Spam Bully, which costs an annual fee of $29.95.
4) Keep your software updated: Regularly update your email client and operating system to stay protected from the latest security vulnerabilities that hackers might exploit.
5) Consider data removal services: Use data removal services to ensure your personal information is less accessible to potential scammers. This reduces your risk of being targeted in the first place.
While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here. HOW TO BLOCK THOSE UNWANTED AND ANNOYING SPAM EMAILS
While opening spam emails isn’t typically dangerous, it’s always better to err on the side of caution. Be vigilant, trust your instincts, and when in doubt, delete suspicious emails without opening them.
What’s the most convincing spam email you’ve ever received, and how did you recognize it was fake? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter. Ask Kurt a question or let us know what stories you’d like us to cover.
Follow Kurt on his social channels:
Answers to the most asked CyberGuy questions:
New from Kurt:
Copyright 2024 CyberGuy.com. All rights reserved.
Kurt’s key takeaways
Technology
Elon Musk is directing harassment toward individual federal workers
Elon Musk is, in addition to many other things, now the co-lead of the currently nonexistent Department of Government Efficiency (DOGE) advisory group. Now, before it even gets rolling, he has begun singling out individual government employees he says are emblematic of the government’s bloat and posting about them to his hundreds of millions of followers on X.
Earlier this week, as first reported by The Wall Street Journal, the X user “datahazard” shared a screenshot on X highlighting the role of Ashley Thomas, the Director of Climate Diversification at the US International Development Finance Corporation, saying, “I don’t think the US Taxpayer should pay for the employment” of that role. Musk reposted it, adding the comment “so many fake jobs” in a post with more than 33 million views.
As the WSJ notes, Musk’s followers have responded in exactly the way you’d expect: with a flood of memes and harassment targeting Thomas, whose LinkedIn and Facebook pages are now private. Everett Kelley, president of the American Federation of Government Employees, told the WSJ that the posts “are aimed at sowing terror and fear at federal employees.”
Flooding targets with harassment is a tactic Musk has done in the past, including calling caver Vernon Unsworth a “pedo guy,” criticizing a former Twitter exec following his offer to buy the company, and suggesting that head of trust and safety Yoel Roth was sympathetic to pedophilia. All, of course, under the guise of “free speech.”
The ensuing harassment, of course, is precisely the point: Musk has systematically turned X into a megaphone for his views and has wielded that megaphone to whatever end he finds funny or useful. Musk and DOGE co-lead Vivek Ramaswamy have promised to do much of their work in public (and sometimes by X poll), too, which means this kind of pointed attention is likely headed toward many other civil servants in the near future.
Technology
Strava’s API debacle highlights the messiness of fitness data
A few days ago, Strava upset its users over some restrictive API changes. It might seem odd for one app’s users to fume over an API, but at the heart of the matter is the inherent messiness of fitness data.
Here’s a typical scenario. Say you’re all in on Garmin’s platform. You use their watches for running and strength training. Then, you pick up a Peloton bike for indoor cycling. Well, Garmin devices aren’t compatible with Peloton bikes because the two companies haven’t struck a direct deal with one another for data sharing. So, to get your heart rate on the Peloton bike, you buy a chest strap. And then you decide to train for a race, so you sign up for one of those digital coaching platforms — the kind where a personal trainer reviews your workouts and builds you a customized plan.
The dilemma is now you have three separate apps where your workout history is stored, with three separate interfaces — and none of them with the whole picture of your training.
There are a number of ways you could consolidate that data, but in this scenario, the simplest is to upload all your workouts into Strava and then import all that Strava data into the coaching app.
This kind of scenario has come up dozens of times throughout my wearables testing. Most recently, it came up when I reviewed a Mobvoi connected desk treadmill. I didn’t like its native app, but trying to get the data into my preferred apps was a nightmare. At the end of the day, it was easiest for me to go through Strava.
The reality is many smaller fitness apps and wearable makers don’t have the resources to strike up direct data integrations with the thousands of other fitness apps and devices on the market. It’s much easier for everyone to use Strava’s API and call it a day. And unlike Apple’s HealthKit API or Google’s Health Connect, Strava is platform-agnostic.
Where things get really murky is third-party fitness platforms that extrapolate their own insights from Strava data — a no-no under the new API terms.
Take a third-party platform like VeloViewer. The whole idea behind VeloViewer is to give more in-depth insights into Strava data, including 3D maps, charts, yearly activity recaps, and leaderboards. This is a great option for folks who want more info than what’s natively available in Strava, but the new API changes break many of the aforementioned features. As you might imagine, VeloViewer users — many of whom say they only pay a Strava subscription to use VeloViewer — are pissed. VeloViewer has since released a statement saying it’s working with Strava to resolve the issue, but it doesn’t change the fact that Strava holds all the cards.
Admittedly, this is a niche problem. Most people use one or maybe two fitness apps with their smartwatch, and this isn’t really an issue. But for those of us who want the freedom of using multiple devices and apps across various platforms? It’s a sobering reminder that it only takes Strava changing the rules to break a carefully crafted system.
Technology
The Verge’s guide to Black Friday 2024
These days, Black Friday isn’t so much a single-day shopping holiday as it is an ever-expanding, monthslong event that often begins as early as October. The 24-hour deal blitz that once was the focus of newspaper headlines and mobs outside of stores is no more, which makes knowing when and where you should be spending your cash all the more confusing.
Luckily, we’re here to help. Over the next month or so, we’ll be poring through scores of presale spreadsheets and thousands upon thousands of deals to separate the real discounts from the unexciting, made-up bargains every retailer seems to hawk around the holidays. We’ll have tips on how to find the best deals and when to shop, and we’ll continue to flag the most compelling sales in the run-up to Black Friday proper on November 29th.
And if a month of sales is not enough, you’ll have another shot at tackling your holiday wish list come December 2nd. We’ll be rounding up the best deals on 4K TVs, laptops, phones, robot vacuums, noise-canceling headphones, and other Verge-approved gadgets throughout all of Cyber Week. So stay tuned!
-
Business1 week ago
Column: OpenAI just scored a huge victory in a copyright case … or did it?
-
Health1 week ago
Bird flu leaves teen in critical condition after country's first reported case
-
Business6 days ago
Column: Molly White's message for journalists going freelance — be ready for the pitfalls
-
Science3 days ago
Trump nominates Dr. Oz to head Medicare and Medicaid and help take on 'illness industrial complex'
-
Politics5 days ago
Trump taps FCC member Brendan Carr to lead agency: 'Warrior for Free Speech'
-
Technology5 days ago
Inside Elon Musk’s messy breakup with OpenAI
-
Lifestyle5 days ago
Some in the U.S. farm industry are alarmed by Trump's embrace of RFK Jr. and tariffs
-
World5 days ago
Protesters in Slovakia rally against Robert Fico’s populist government