Puzzling over a suspicious email

[webecedarian]

I have a Hotmail account that I use ONLY for rare messages to other posters in a particular forum and to keep notes for myself. So there's very little traffic, and very little spam. I suspect that the spam rides in with the occasional message from a fellow-poster, maybe one a month or so.

I just found an email, from myself, with a heading of something like "Forum posts download 9/3." It seems like the kind of thing I might have done, saving something for myself, although I rarely use the word "download." It didn't ring a bell, but it seems possible.

I open it, and there are just four attachments. Which again, is possible but unlikely. I tend to copy and paste, rather than use attachments. But, without opening them, I could see (maybe it was from passing the cursor over it?) that two or three were labeled "Collage," one of which was sideways, and one looked to be a photo of someone's driver's license. That's when alarm bells really went off.

I moved it into the trash, but I'm wondering. If I were on a public computer, opened my email, moved the unopened attachments onto the desktop, and closed out my email - would it be safe to open the attachments to see what's in there?

[n5bb]

I would look at the full headers of that email and see who appears to have really sent it. Also check the Authentication-Results... (DKIM and SPF) headers, as well as any ARC... headers. Do you typically send such messages from your Hotmail account to that same account? Or was it sent from a different account?

Bill

[JeremyNicoll]

Quote:

Originally Posted by webecedarian

I moved it into the trash, but I'm wondering. If I were on a public computer, opened my email, moved the unopened attachments onto the desktop, and closed out my email - would it be safe to open the attachments to see what's in there?

No.

Depending on the anti-virus/anti-malware software on such a machine (if any) any file moved/copied to its desktop may or may not get scanned as it arrives on the machine. If there's no scan you don't have any safety net (for protection of that machine) at that stage ... and if there is a scan you don't know anything about the scanner and how uptodate it is...

Did you really mean "moved"? If so then the attachments won't be on your email server any longer, so if they were yours how do you intend to get a copy to take home? I for one wouldn't put a USB stick into a public machine... there's no saying what malware might end up on your stick that way.


When you say "public computer", do you mean a system not owned by you, eg one in a cafe or library?

If you do, I think the unsaid implication is that you don't mind that - if there's malware in any of those attachments - it might affect that public machine. How ethical that is depends a lot on the attitude and technical competence of the public machine's owner. /If/ they have a system which runs it in "a sandbox" or wipes and reloads its disk after anyone uses the machine, it might be ok with them - you'd need to ask them about that. But otherwise you would be putting at risk everyone who uses the machine after you do.

It also depends a bit on what you mean by "open an attachment". If you mean "let whatever application would normally process a file of the type that the attachment claims to be" ... then it's unsafe. If you mean "peek inside it with a programmer's text- or binary- editor" then it's probably safe IF you know how to identify different types of file AND how to decide if their content is ok. But I think you don't know that because if you did you wouldn't have asked the question...

You could possibly, if you manage to get files to a sacrificial machine's desktop then upload them to virustotal's file scanner (but you would need to be CERTAIN that you'd not accidentally "run" any of the files eg by fumbling a double-click on any of them); which will run any uploaded file though many vendors' anti-virus/malware scanners and tell you the results. That is at: https://www.virustotal.com/en-gb/ Note that if there's any risk of your files (if they were genuinely from you) containing confidential information, you need to know that Virustotal may forward files to some of the vendors of the scanning software.


If you have a neighbourhood PC repair shop, they might be willing to help. They'd (hopefully) be used to dealing with possibly dodgy files etc.

[pjroutledge]

Quote:

Originally Posted by webecedarian

If I were on a public computer, opened my email, moved the unopened attachments onto the desktop, and closed out my email - would it be safe to open the attachments to see what's in there?

A previous user of the public computer might have had the same idea. And they might have downloaded and opened a malware attachment (say, a keystroke recorder). When you come along later and open your email, the previously loaded malware could capture your email userid and password.

(2FA could mitigate the risk, but I'd still be uncomfortable with some bad actor getting my email userid and password.)

[TenFour]

Chromebooks don't get malware or viruses for the most part. You could probably open those attachments on a Chromebook safely. Just to be extra safe I would download the attachments first, disconnect the Chromebook from the Internet, then open them.

[Bamb0]

I have gotton emails that look like they are from myelf......On safe-mail I blocked my own email address it was happening so much......

[mister]

Why don't you look in your sent folder and see if you have a match.