Can You Get a Virus Just By Opening an Email?

Category: Email , Spam

Is it possible to get a computer virus by simply opening an email? It's true that email has been and remains one of the most popular attack vectors. Hackers, spammers, phishers and scammers are all knocking on the door of your inbox. But how easily can they slip in, and wreak havoc on your computer? Let's find out...

Viruses and Other Threats in Your Email

The probability that you could be infected by an email-delivered virus just by opening a message was once terrifyingly large. But the vulnerabilities that made it so were quickly addressed by developers of email clients and antivirus software. Today, you have to do some pretty foolish things to catch a virus via your email inbox.

But myths, urban legends and endlessly repeated tales of the cousin of the friend of a friend who lives near the police station in a major city, who got a virus by opening an email, those die hard on the Internet. And ironically, these tales live on and are propagated largely by email. I still get warnings about the Hallmark Virus, and similar missives warning me not to open emails with certain subject lines, or a horrible uncurable virus will wipe out my hard drive.

The possibility of virus-infected email arose with the introduction of HTML email, way back in the early 2000s. HTML gave us the ability to use fonts, colors, images and fancy formatting in emails, but it could also contain hidden executable code in the form of Java or Javascript. That code could do the bidding of bad guys if it could be triggered to execute. Opening an infected HTML email, or even allowing your email client to display it in the preview pane, could execute the code.

Email and Viruses

The good news is this vulnerability was noticed almost immediately, and steps were taken to close it. Email clients stopped supporting Java and Javascript. Vulnerabilities in email software and operating systems were patched. Spam filters began blocking emails that contained suspicious code. Email-scanning was added to anti-malware programs.

Today, you may be able to disable some of the multiple safeguards built into your email client. You may be using an ancient version of Outlook Express that doesn’t contain any safeguards. Maybe you've stubbornly clung to your copy of Windows 98, or you've refused to install any of the security updates or service packs for newer versions of Windows. You may even eschew virus protection that includes email-scanning in real time.

But you’re not that foolish, are you? You don't even have to spend money to get excellent Internet security software. The free versions of Avast and Avira are used by millions of users.

Some people don’t send or read HTML; they stick with old-school plain text email. That’s a sure way to avoid triggering embedded malicious code, but it makes for a poor email experience. Also, it doesn’t entirely protect against email-born malware.

Beyond the First Click: Other Email Threats

Okay, so the likelihood of being infected just by clicking to open a message sitting in your inbox is vanishingly small. I'd venture to say it's zero if you allow Windows to automatically update, and you have anti-virus protection. But once you open that email, other dangers lurk. It's the second click that'll get you in trouble.

Files attached to either plain-text or HTML email can contain viruses. That is why it is so important not to click on any attachment whose sender you do not know and trust. Even if you do know and trust the sender, caution is needed. The email sender's addresses can be faked, or the sender's computer may have been compromised, so it’s vital to use anti-malware software that scans every email attachment.

The bad guys out there rely mainly on social engineering to entrap victims these days. Typically, that means a phishing email that masquerades as something from a trusted sender, urging you to click on a link in the email. Some typical ploys are messages that promise juicy gossip or racy photos. These messages often try to pique your curiousity by mentioning celebrities, public figures or current events. Have you heard? Willie Nelson Confirms Unfortunate News!

Other emails may pretend to be from a company that you know, such as your bank, Paypal or eBay. Oh no... your account is about to be suspended! One false click and you could be dealing with a nasty virus, or caught in the snare of identity thieves. See my related article Have You Been Phished? for more information on email phishing, and how to defend against it.

One of the things I like about web-based email, and GMail in particular, is that you're protected from most of these threats without installing any software at all. If a message with a suspicious link or attachment comes your way, it's either blocked completely, or a warning is displayed that the content may be malicious. My GMail spam folder catches about 200 bogus messages every day.

If you use webmail, or you're conscientious about keeping your desktop email software up to date, there is no reason to fear that you will catch a virus simply by reading an email. But be careful about clicking on links or attachments. That's where the trouble starts.

Your thoughts on this topic are welcome. Post your comment or question below...

Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Check out other articles in this category:

Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 8 Jan 2020

For Fun: Buy Bob a Snickers.

Prev Article:
The Worst Place to Buy a Smartphone?

The Top Twenty
Next Article:
Geekly Update - 09 January 2020

Most recent comments on "Can You Get a Virus Just By Opening an Email?"

Posted by:

Renaud Olgiati
08 Jan 2020

Two easy ways to avoid some problems:

Beware if the email claims to be from your bank, but comes with an email address at or similar.

Beware if the email gives you a link to an attachment, but the link (which you can see when you put the cursor on it) is not on the web-site of the (supposed) sender, or is a shortened URL (Bitly or similar) which can hide all kinds of horrors.

Posted by:

08 Jan 2020

it wasn't made clear - my situation is: emails are displayed in the reading pane. if I do not recognize the sender, or if its automatically sent to spam, I delete it immediately. the gospel according to me is: when you are told to CLICK HERE, don't!

Posted by:

Jay Rodriguez
08 Jan 2020

When I run across an ad the looks like it was designed to capture my imagination, I google it. The usual result is nothing. Unless you consider click bait nothing. Or it's from a sexy Russian "I'm so lonely" female that wants to hook up with an OLD guy. Thanx, Bob.

Posted by:

08 Jan 2020

Within the last few days I have received email from "Amazon" stating that my account is locked. Using a different window, I checked, my account was not locked. Sent both emails to Amazon for their amusement and counter offensive. FWIW

Posted by:

08 Jan 2020

One of the big warnings to look for are the fake site URLs that look legit, such as, or If you are checking, but doing it fast those two and others that use rn to replace m in a URL are often used by Phishers.

Posted by:

08 Jan 2020

To protect you against potential viruses and harmful software, Gmail doesn't allow you to attach certain types of files, including:
*Certain types of files [?], including their compressed form (like .gz or .bz2 files) or when found within archives (like .zip or .tgz files)
*Documents with malicious macros
*Password protected archives whose content is an archive

Posted by:

Chuck Johnson
09 Jan 2020

Thanks for clarifying this. Never had a problem, but it's been the back of my mind for years.

Posted by:

09 Jan 2020

When I receive a phishing email from my "bank" I look for spelling errors. I hold the mouse over the link to verify my account information which connects to some foreign phishing site and not the financial institution it claims to be. It's always a giveaway for fraudulent email.

Posted by:

12 Jan 2020

One thing I find very amusing, when reading many suspicious email subject lines 99% are so silly no one in their right mind would ever think it was legit.

Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! Comments of a political nature are discouraged. Please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are reviewed, and may be edited or removed at the discretion of the moderator.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter

Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy     RSS/XML

Article information: AskBobRankin -- Can You Get a Virus Just By Opening an Email? (Posted: 8 Jan 2020)
Copyright © 2005 - Bob Rankin - All Rights Reserved