Can Opening an Email Get You Hacked?

Did you know that 47.3% of all email is spam, which is around 15 billion spam email messages sent every day?

Today it's email security 101 not to download an email attachment or click on a malicious link in a spam message as this can likely lead to malware infection, but what about simply opening a spam email?

Can a hacker do anything to your account if you open a spam email?

No, Opening Spam Emails Won't Get You Hacked (Anymore)

Opening Spam Emails

Let's put your mind at ease right away.

Opening a spam email will not get you hacked.

This, however, wasn't the case just a few years ago.

So, a short history lesson about our beloved email is in order here.

You see, email has been around for 60 years as we know it today, having been invented by Ray Tomlinson in 1971 (the first email was created in 1965 at MIT as a computer program called "Mailbox").

Back then, emails could only be exchanged as plain text messages (no images, links, formatting, etc.). This, however, changed when Tun Berners-Lee wrote HTML in 1993.

Soon, email could contain not only plain text, but also links, images, you could make words bold or underlined and more.

In other words, you could "do things" with email, which opened a lot of opportunities for users (and businesses), but also made email vulnerable to spreading malware.

The reason for this was DHTML (Dynamic HTML) and JavaScript, which gave the ability to HTML to "do things" such as turn text red when you hover over it with a cursor or play games in a browser.

And hackers soon found a way to exploit this and infect your email account and device with malware.

Microsoft Outlook and the Preview Pane Email Account Vulnerability

Microsoft Outlook

Now, just to be clear, Outlook wasn't the only email service provider that had this vulnerability. Other email services that offered a preview pane (and most of them did) could also be exploited by hackers.

So how did this work?

  1. You leave your email client running
  2. Your most recent message is displayed in the preview pane
  3. A new message arrives in your inbox
  4. Outlook selects the new message as the "most recent" and updates the preview pane
  5. If the message you just received contained malware (DHTML or JavaScript), it could run, spreading malware to your computer

Problem Fixed No Need to Worry About Getting that Spam Email Message Any More

Fortunately, it didn't take long for email providers to figure out and fix this vulnerability.

Now email is no longer treated as a webpage and so it won't run JavaScript before the actual message is displayed (and not just previewed).

Okay, almost. There was still a vulnerability in Microsoft Outlook dubbed CVE-2020-16947 that allowed remote code execution when opening or previewing emails that contain malware.

Fortunately, Microsoft fixed this with a security update in October, 2020.

Your Personal Information is Still Not 100% Safe

That said, don't think that your mail client and personal information are now completely safe.

You can still get hacked via a malicious attachment or a link from a phishing email.

To ensure that this doesn't happen here are some email security tips to keep your inbox safe from bad guys:


Can your email get hacked by just opening an email?

No, you can't get hacked by simply opening an email. This was possible before when emails would run JavaScript in the preview pane allowing malware to spread without any action from the user.

Can you get scammed by opening an email?

You can't get scammed by just opening an email. For a phishing email to work, the user needs to make an action such as click on a bad link or download or open a suspicious attachment which then allows the hacker to gain access to your sensitive information

What happens if I open a suspicious email?

If you just open a scam email not much will happen. The scammer won't get access to your account or password, and you won't get your identity stolen. That's as long as you don't provide any confidential information or make any actions on that message.