So, you’ve accidentally opened a spam email, and you’re probably wondering: is that bad? And if so, how bad is it?
The good news is that opening a suspicious email, while not ideal, is relatively harmless.
Spam emails only become a serious threat if you’ve committed any of the following actions:
Downloaded any malicious files or email attachments.
Responded with sensitive information (like your credit card or bank account numbers).
Clicked on any phishing links.
Why Did I Get a Spam Email? How Do Scammers Get My Email Address?
When spam messages successfully bypass spam filters and reach your inbox, it’s because scammers were able to verify that your email address is valid (as in, it won’t bounce back messages as undeliverable).
There are a number of different ways that email spammers could have obtained your email address, including:
Scraping public records. It’s very easy for spammers to find your email address if you’ve ever posted it online publicly.
Guessing. Spammers often test out common email combinations, like firstname.lastname, until they get a valid result.
Buying email lists. A spammer may have purchased a list of email addresses (legally or illegally) that had your email address on it.
A data breach. Spammers may have found your email address after a data breach.
Scraping social media sites. It’s very easy to scrape sites like LinkedIn for your personal contact info.
Can Spammers See That I Opened Their Email?
It depends. Spammers will be able to tell that you opened an email if you download any attachments or click any links (which you should NEVER do), or if your email client automatically loads any images that are embedded in the message.
If that last item was a bit of a shock, it’s true: scammers can actually gain a ton of data about you if you have automatic image loading turned on.
If you have automatic image loading enabled, scammers may be able to see:
Your internet service provider or mobile carrier.
Device you used to open the email (desktop, tablet, iPhone / Android).
Operating system you’re using (iOS, Mac, Android, Microsoft Windows, Linux).
Email client you’re using (Apple Mail, Outlook, Gmail, or Yahoo Mail).
Web browser you’re using (Apple Safari, Google Chrome, or Firefox).
Most email services will allow you to disable automatic image loading in your email account settings.
What Should I Do After I’ve Opened a Spam Email?
If you’ve opened a spam email but have not clicked or downloaded anything, be sure to do the following:
Don’t just unsubscribe! Mark it as junk email so that your email client (Gmail, Yahoo Mail, or another provider) can do a better job of sending malicious emails directly to your spam folder.
Scan your computer for ransomware, trojan horse viruses, and other malware just in case.
Tell friends, family, and your employer (if it was sent to your work address) to steer clear of similar email messages.
Do not engage with any sketchy looking emails, since it's probably phishing spam—and never reply to it directly.
Beware of Suspicious Links, and Never Click Them!
You should never open files or click unfamiliar links unless you know exactly who sent them.
Cybercriminals often send computer viruses and malware through malicious attachments like .pdf or .zip files. Hackers are experts at sending phishing emails with malicious links that look almost identical to legitimate emails. Pay close attention to formatting errors in these emails, as they can be an obvious indicator of spam.
Malware is software that’s designed to harm your computer and/or steal your personal data. Ransomware is a specific form of malware that demands that you pay a ransom in order to protect your private information from being shared over social media or the dark web.
Phishing attacks usually happen when you click unfamiliar links. Phishing scams are clever attempts at stealing your sensitive personal data by tricking you into clicking links that have the appearance of legitimacy.
Fraudsters do this by forging an email header to make it look like it came from someone you trust. Then, they'll use your sensitive data to make purchases on in your name, or to commit identity theft.
What Happens If I Opened an Attachment from a Phishing Email or Clicked on a Spam Link?
If you’ve downloaded a corrupt attachment or clicked on a link that has taken you to a suspicious web page, you should take all of the following actions.
Disconnect from your wireless network. Turn off Wi-Fi or cellular data capabilities if you’re on a mobile device, or disconnect from Wi-Fi if you’re using a laptop or desktop. Without an internet connection, there is less of a chance that the malware can send data from your device to hackers or monitor your activity remotely using spyware.
Backup your files. Make copies of your most sensitive information, documents, photos, videos, and other keepsake files and store them on an external drive.
Scan your computer for malware or viruses. Use antivirus software that has anti malware capabilities in order to identify and get rid of any harmful software.
Change your passwords immediately. Malware can be used to crack the usernames and passwords for any of your online accounts, including—but not limited to—social media, banking, crypto, email, and shopping accounts. Changing all your passwords will lock out these con artists.
Consider Identity Theft Protection If You've Been Phished
As spam and phishing techniques get more sophisticated, it’s important to arm yourself with the right tools to prevent scammers from stealing your sensitive data and invading your devices.
In addition to turning off autoloading images in your email, you should update the software on all your devices to the latest versions. Safeguard your passwords with a secure password manager, rather than storing your passwords in a vulnerable place, such as your browser's autofill password center.
* Identity Theft Insurance underwritten by insurance company subsidiaries or affiliates of American International Group‚ Inc. The description herein is a summary and intended for informational purposes only and does not include all terms‚ conditions and exclusions of the policies described. Please refer to the actual policies for terms‚ conditions‚ and exclusions of coverage. Coverage may not be available in all jurisdictions.
¹ The score you receive with Aura is provided for educational purposes to help you understand your credit. It is calculated using the information contained in your TransUnion or Experian credit file. Lenders use many different credit scoring systems, and the score you receive with Aura is not the same score used by lenders to evaluate your credit. ² You may cancel your membership online and request a refund within 60 days of your Aura membership purchase either through your Aura Account Membership portal or by calling us at 1-855-712-0021.
³ ath Power Consulting, 2018
⁴ Child members on the family plan will only have access to online account monitoring and social security number monitoring features. All adult members get all the listed benefits.
⁵ Identity Theft Protection Review is a marketing affiliate of Aura, and may receive monetary compensation from Aura.
No one can prevent all identity theft or monitor all transactions effectively. Further, any testimonials on this website reflect experiences that are personal to those particular users, and may not necessarily be representative of all users of our products and/or services. We do not claim, and you should not assume, that all users will have the same experiences. Your individual results may vary.