Millions of people use popular email providers like Gmail, Yahoo, and Outlook. But in many cases, suspicious emails contain attachments, links, images, or other types of files. Now, when it comes to security, the challenge here is how to know if that is phishing or legit, and what you can do to safely open messages without risking your computer or smartphone.
In reality, opening a spam email that looks weird may not be as dangerous as you may think unless you click on the links or reply. So, yes, when you reply to an email, there is a risk. And lots of people ignore that because it’s not the same as interacting with URLs etc… Keep reading, I’ll show you why and how to get rid of all that and know for sure if you should open, then reply or not to any email.
The risk when replying to emails
Because just replying to the sender’s message may look safe, (which can put the lives of many people at risk and cause many issues that few people talk about). In fact, by opening an email, the sender can know that the message was delivered and read if he adds an extension to Gmail. But that’s not a threat, right? Now, what about the IP address when you reply?
In reality, when someone clicks on the “reply” button on Gmail or other services and sends the email, there will be hidden details. That includes your real IP address, device type, and others. For security reasons, it’s not a good idea to share your real IP with someone you don’t trust. And if you’re not lucky, he can be a hacker or dangerous guy who may use any of your data for bad goals. And that’s what no one wants.
If you want to hide your IP and stay safe, use a VPN all the time when you reply to someone you don’t recognize or trust. That’s powerful and easy at the same time.
How to identify dangerous emails?
Some emails look good when they’re dangerous in reality. And the sender uses advanced techniques to target the right users. On the other side, some messages in the spam folder may be trusted, but added by mistake algorithmically. So, it’s always recommended to make your own conclusion about whether an email is phishing or safe.
1. Weird content
Don’t be curious when you see an email that congratulates you for a gift that does not exist in reality or money that you can receive. These scammers play their bad game and someone who faces financial difficulties will be a victim. I saw lots of scammers from Nigeria and other places asking people for their bank numbers. And of course, if you get any of these suspicious emails, don’t reply and delete them.
Also, many scammers send female photos with messages to attract guys who may find that interesting and click on links. Unfortunately, lots of iPhone and Android users got hacked because of that. The same thing applies to laptops and many mobile devices. So, next time, when you see such wired emails, forget them and if you get many messages, add a filter that can automatically delete them.
2. Content in another language
When your primary language is English and you receive emails in Chinese or Russian, there will be a high chance of being hacked when interacting with such messages. That could happen in many ways like viruses, malware, dating scam, trojans, etc…
If you feel that the email is legit and it’s not a scam, try using the Google translator and copy-paste the message there but without clicking anything. That can give you an idea about the topic of the email and if it’s a mistake or another fraudulent attempt to avoid completely.
3. Fake contact details
Anyone can add a signature to his email with the street address, phone numbers, website, and other details. But not all that can be correct. For that reason, I recommend verifying each information even if that will take minutes. Your online security should be a priority, and clicking on links from anyone who pretends to be PayPal or Amazon will be dangerous.
Search for the details you see in the email signature or the sender ID, add them to Google, and search. Next, if you find results, read the pages and see if there is a mention of scams or other news about online fraud. Also, compare the real identity of the person who sent the email with the details you see. If you have doubts, don’t click on any button.
4. Be careful with a password change request
This is a common scam and that happens a lot and many users take action faster than they should be. When a website sends emails and tells you to update your password, don’t click on the link or the button. Instead, access the website that you know from your web browser, and if there is any request for password change for better security, you’ll find that on their website when you log in.
Email can contain hidden links with buttons to secure your account and things like that. And by ignoring these messages, you’ll make your inbox safe and the device you use clean from malware and virus.
5. Don’t click on unknown URLs
Unknown URLs can be suspicious if they’re not clear and include symbols or short URLs that mean nothing if you want to read them. If you have doubts about a link, stop thinking about accessing it. You may get virus software by doing that. Instead, verify the details in the email like the sender ID, and signature. If something looks weird, then, it’s a bad email that you should not use in any way. Or, you can search for the email that sends the message on Google and see if you can find information about malware, etc…
6. Just opening emails is not dangerous
Unlike the old days of Outlook and Gmail, when you just open an email, there is nearly zero chance to get a virus or malware. That’s because Google, for example, invested a lot in security and it would be a ridiculous idea to let someone access others’ details or attack their computers by just opening a message.
That’s good news, but remember, I’m just saying opening emails, and not clicking on any of the links that can be added to images, words, or attachments. Thus, by just opening emails, you’re not at risk, unless you click on any of the content or if there is scripting allowed on the server. That’s what most providers block and that’s good.
7. Spam folder and risks
The “Spam” folder in Gmail or its equivalent called “Junk” in Yahoo forwards the suspicious email to the dedicated inbox. So, the user knows it’s probably not a good message. But that’s not true all the time, I found lots of legitimate emails from trusted companies like PayPal and others in the Spam folder and that’s a false positive that can happen sometimes.
So, opening an email in the SPAM inbox is the same as the primary. But you need to be careful this time and think twice before you click on any link or image. If you find a Red-colored notification from Google telling you that the email was flagged by others to be suspicious, then, never click on it and immediately remove it from your Inbox. Google has a good system that detects phishing emails by collecting data from millions of users and reports.
How to safely open a suspicious link in emails
If you still have doubts about the email and you should open it, then, you have no other option than to secure your smartphone or laptop. And then, apply the following measures.
Use a VPN
As I said earlier, the Virtual Private Network is more important these days than any time before. There are millions of websites and it becomes harder to know for real what emails are legitimate and what others are suspicious about. However, by installing a good VPN on your smartphone and other devices, you’ll encrypt the connections between the browser and the website you use, including email providers.
That’s not enough on its own, but a great way to take your security to the extra level. The IP will be hidden, and you get another IP address from another location you choose. And even more, there are advanced security tools that enhance the encryption technologies in these tools which helps a lot.
See the original message
Gmail lets you see the original message that the user sent. All you have to do is open the email first (don’t click on anything on it) and then, click on the vertical 3 dots (options). Next, click on “Show original”. Here is how to find that with a screenshot.
By clicking on the Dots, you’ll find the options like the following example:
Now, all the details in the email will be listed on a dedicated page. Consequently, you can see the IP address the sender has. And thus, it’s a good way to know from where the message was sent, with the region, and even the city.
Next, you can look up the IP address using any free tool and see the location on the map. Compare that with what you have as an idea. If the IP is from another country that the website usually uses, then, that’s a red flag.
When you know the location of the IP and the name server, you’ll fight email spoofing as many spammers use emails that look from someone’s domain name, when they’re not in reality. So, trusted companies added SPF (Sender Policy Framework) records for their domains. That way, users can check the original message and see it’s from a real domain.
Take action manually
This is important when you receive emails for changing details or accessing your account with any website, including Facebook, banks, and others. So, if there is a call to action button or link, never use it. Instead, take action manually by accessing the website and entering its URL directly.
Then, when you login, search for notifications about changes or requests. If there is any, you’re not at risk because you already visited the site manually and not through the suspicious link or button.
If you want to go further, and you see that the email is fake, then, you can send an email to the website and let them know about the fake message you received. Create a screenshot if you want as that helps and the company will consider that and warn all users (that happens a lot, thanks to good people).
Use protected environments
Many good antivirus tools offer such features. So, if someone is not sure whether an email is good or not, he can open it in a fully protected window. In Microsoft Outlook, the protected view for attachments works well. And by using it, you’ll use the read-only feature that blocks malware.
If you already installed antivirus software, look for the control panel, and even settings. If you see something like protected mode or a safe environment, that’s what you need to safely open suspicious email attachments or URLs without risking your phone or computer. You can also learn the tips and tricks to protect login details and passwords, and personal data online.
Preview the links in your browser
Google Chrome and Firefox allow users to see where links take to without clicking on them. All they need is to place the cursor over the link or the button and the destination link will be shown on the bottom-right area of the screen. Take that into consideration and see if there is a difference between what the URL takes to be a destination with what it’s supposed to be. At the same time, if you find a very long URL with a complicated structure that you can’t even read, don’t click on these links.
These are some, but not all the ways to detect dangerous emails from the good ones. Make sure you apply the tips and tricks I mentioned. So, you can secure your email account and personal data when replying or interacting with the content of any message in your inbox.