This is part 3 of the Safe Surfing Guide series. You may check other parts as well to read the complete safe surfing guide.
Malicious code and malicious links can easily be hidden in emails. When you open an email, execution of the malicious code may be triggered. Or the malicious link may open automatically and download nasty things to your local computer.
Another security issue for your email is phishing. The sender pretends to be someone else, e.g., Facebook, or your banker. If you follow the link, you are trapped.
If you have followed this Safe Surfing Guide series, you may wonder how this can happen when you have already installed antivirus and anti-malware software. The reason is simple.
Antivirus and anti-malware software can generally only find "known" threats, although some software can use certain patterns to find new threats. Most of the time, security software vendors analyze a virus or piece of malware only after it has been reported, and then update their virus or malware databases. Only after these databases are updated can the software detect the new virus or malware.
A simple way to mitigate the damage of a new malicious code or link in your email is to use webmail for any new emails, instead of an email client, which manages your emails on your computer. For example, M$ Outlook and Thunderbird are two commonly used email client packages.
Most webmail systems give some sort of protection against such threats. For example, Gmail will find and mark most phishing links. AOL webmail disables all links in the email by default: if you need to open a link, you have to confirm the operation. The new Yahoo webmail has also improved a lot at identifying spam and phishing emails. As for malicious code hidden in the email, most of these webmail systems are able to block it easily.
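The following Python sketch is an added example, not code from this guide and not how Gmail or AOL actually work. It shows the idea behind the protections above: links in an HTML email are made inert with their real destination shown, script content is dropped, and a link is flagged when its visible text names a different site than its target. The names `LinkDisabler`, `disable_links` and the sample message are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Finds a host name shown in the visible link text, e.g. "www.facebook.com/security"
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def norm(host):
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host

class LinkDisabler(HTMLParser):
    """Rebuilds the body as plain text with inert links; collects suspicious ones."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.findings = [], []
        self.href, self.text, self.skip = None, [], False

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip = True                      # drop active content entirely
        elif tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if not self.skip:
            (self.text if self.href is not None else self.out).append(data)

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skip = False
        elif tag == "p":
            self.out.append("\n")
        elif tag == "a" and self.href is not None:
            label = "".join(self.text).strip()
            target = norm(urlsplit(self.href).hostname)
            shown = HOST_IN_TEXT.search(label)
            if shown and target:
                claimed = norm(shown.group(1))
                # Text claims one site, link goes to another: typical phishing sign
                if target != claimed and not target.endswith("." + claimed):
                    self.findings.append((label, self.href))
            self.out.append(f"{label} [link disabled: {self.href}]")
            self.href = None

def disable_links(html_body):
    parser = LinkDisabler()
    parser.feed(html_body)
    parser.close()
    return "".join(parser.out), parser.findings

# Constructed sample message body (not a real email)
SAMPLE = ('<p>Hello,</p><script>track()</script>'
          '<p><a href="http://login.example.net/reset">www.facebook.com/security</a></p>'
          '<p><a href="https://www.facebook.com/help">Help centre</a></p>')
```
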
If you are using a local email client to receive such malicious emails, the risk is quite high. Your antivirus and anti-malware software is usually useless against new threats.
So, if you need to store your emails locally, you may check all emails on webmail first, then download/retrieve them with your email client.
Another piece of advice for dealing with malicious email is not to open any email from someone you don't know. Gmail can show snippets of each email so that you can discard unwanted emails quickly.
Anyway, checking your email using webmail, not an email client, will reduce your risk of attacks from malicious emails.