Hello! When I read emails I always pay a lot of attention to suspect messages and so on, but I’m always a bit scared of clicking the wrong link and getting infected by malwares.
What can be some preventive measures I can take to avoid these risks? Perhaps opening links from emails in a different browsers with JavaScript disabled? Soke kind of sandboxing?
I use Thunderbird as mail client

  • INeedMana@lemmy.world
    link
    fedilink
    English
    arrow-up
    11
    ·
    edit-2
    1 year ago

    I’m not saying that these will make you 100% secure but that’s what makes me feel safe

    1. configure Thunderbird to not display images by default. You can whitelist addresses afterwards or tell Thunderbird to show images for this particular message
    2. configure Thunderbird to always display mails in plain text. You can switch it for the opened mail when it looks ok
    3. if viewing plaintext is too much, configure Thunderbird to show you the real address somewhere on the bottom when you hover over a link (if it doesn’t do this by default). If it looks weird, don’t click it. Usually if the info in the mail is real, you can get to it via browser, you shouldn’t have to click the link
    4. set Thunderbird to always show the real sender e-mail address next to the name set by sender. Get a habit of looking at it when opening mails
    5. while reading smtp headers (there is some button for that when you have an email opened) can be daunting at first, it’s not that hard to understand from it the path the mail took. If none of the addresses on the list seem fine, be cautious
  • Monomate@lemm.ee
    link
    fedilink
    English
    arrow-up
    5
    ·
    1 year ago

    My email is mostly used to receive confirmation messages when creating online accounts, recovery links to forgotten passwords, confirmation of purchases, confirmation of banking transactions, etc. These are all cases of mails that arrive as an immediate response to some action I took, so I know they’re legit and don’t fear clicking on their links if necessary to complete my task.

    However, I’m more suspecious of mails that I receive unprompted. In these cases I see no reason to go clicking anything, especially if it’s from a company that I have no previous relationship.

    • T156@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      These are all cases of mails that arrive as an immediate response to some action I took, so I know they’re legit and don’t fear clicking on their links if necessary to complete my task.

      Just be wary of emails that masquerade as something that came from an action you took, but are just phishing, or come attached with malware.

      • Monomate@lemm.ee
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        The point is the “timing” of the received mail. If you receive a password reset immediately after requesting one, that’s strong evidence the mail is legit.

  • T156@lemmy.world
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    What can be some preventive measures I can take to avoid these risks?

    Avoiding the risk isn’t the only thing you should prepare for in that case, although I think that using common sense should be good enough for most. It’s a case of diminshing returns, and at some point, you’re making things harder for yourself for little actual benefit.

    You also want to take steps to make sure that, in the eventuality of getting infected by malware, you have a way to deal with it. Such as keeping separate, disconnected backups that you can replace your machine with, wiping out the infection, or at worst, restore to a new machine if the malware renders it entirely unusable.

  • Björn Tantau@feddit.de
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    Unless you’re expecting a mail you should never open any links. Just go to the originating page manually.

    You can also hover over the links to see the URL they’re pointing to. If it goes to y0urbamk.com or yourbank.to instead of yourbank.com you know that something is up. But that can be hard to see with strange Cyrillic letters or so. So manually typing in yourbank.com helps.