Friday, December 29, 2006

Strange E-mails Without Attachments Are Not Necessarily Harmless

By Coenraad De Beer

A couple of years ago it was safe to assume that e-mails without attachments are completely harmless, whether from a trusted source or not. Computer criminals became more advanced over the years, causing this simple rule to become less applicable to e-mail security. Spam is more than just senseless e-mails cluttering your Inbox, whether they have attachments or not.

Even e-mails from trusted sources cannot be trusted these days. What we never know is whether the PC of the trusted source is infected with e-mail worms and spam bots sending out these e-mails without the consent of the PC owner. So your e-mail may come from a trusted source but is the source still trustworthy? By that I do not imply that your best friend turned against you and is sending you harmful and indecent e-mails. Your best friend may be totally innocent and unaware of the fact that a virus turned his/her computer into a spamming zombie. The problem we are facing here is to determine whether a human or an infected PC sent the e-mail. A spam bot normally sends e-mails that are totally out of character, e-mails that no decent human will send, especially not your best friend.

But you need to open the e-mail to determine its contents. The perception still exists that e-mails without attachments are harmless and that it is safe to open them. But it is much safer to view the source of the e-mail in order to view its contents without opening it. This is not always possible with web based e-mail services but it is possible with e-mail clients like Outlook, Outlook Express and Mozilla Thunderbird. Viewing the source of an e-mail enables you to read the body of the e-mail without any trouble, just like when you actually opened it. The biggest advantage of this method is that any harmful scripts or attachments embedded into the e-mail cannot be run or executed while viewing the source of the e-mail. Some e-mails may appear scrambled when viewing its source, this is when the e-mail only consists of an image embedded into it and most e-mails compiled this way are normally spam. Disabling JavaScript in your e-mail client will also make it safer to open e-mails, in fact very few people use JavaScript in their e-mails, so I do not even see any sense in enabling something that is never really used.

Many people may argue that they open hundreds of spam e-mails, without attachments, on a daily basis without any harm done to their PC. This is true, but it is not only about the harm it can do to your PC, some of these e-mails contain content that is offensive to sensitive people and harmful to minors. Other e-mails may not contain offensive content, but they can easily make you a victim of advance fee fraud and phishing scams if you are not familiar with the characteristics of these scams. They play with your mind, abuse your feelings, it is a case of psychological warfare, brainwashing. They want you to step into their trap, but they need to deceive you first, gain control over your mind in order to achieve it.

It is not hard to identify spam these days, but people still go through the trouble of opening them while knowing that they are spam. Why open something if you know for a fact that it contains useless information? Have you ever thought of it as the spammer exercising control over your actions? Why do you think do they send you so many senseless e-mails everyday, e-mails that seem to be completely harmless? The only way of making you comfortable with something is to bombard you with thousands of the same kind of e-mail over and over again until you are so conditioned that you no longer can distinguish legitimate e-mails from fraudulent ones.

Spam is no longer aimed at damaging your computer, no those days are long gone. On the contrary spammers need your PC to help them distribute their unwanted e-mails, so they will not harm it, they will rather infiltrate it. They infiltrate your PC to steal your information, invade your privacy and involve you in their devious crimes. Next time you receive a strange looking e-mail think twice before opening it, whether it has attachments or not.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and educating users against online scams and malicious software.

No comments: