Question Is there a safe way to open a suspicious email attachment?

Pimpom · 2024-07-23T18:51:29-0400

From time to time over the past few months, I've been receiving emails levelling ridiculous charges of cybercrime at me. The mails are purportedly from an anti- cybercrime center in my country (India) but the email address is from a server outside the country (.de). .The last two mails have attachments that are supposed to be court orders.

Of course I have not downloaded or opened the attachments. I'm wondering if there's a safe way to do so. Just being curious.

If there's no safe way, I'll just delete these last two mails like I did with the previous ones. Any suggestions?

stuff and nonesense · 2024-07-23T18:57:07-0400

Use a junk pc? cyber cafe? Open them on something that doesn’t matter. Keep your main pc clean.

punkncat · 2024-07-23T18:58:01-0400

Create a VM, use it to open and if what you expect occurs, delete it.

USAFRet · 2024-07-23T18:58:32-0400

Pimpom said:
From time to time over the past few months, I've been receiving emails levelling ridiculous charges of cybercrime at me. The mails are purportedly from an anti- cybercrime center in my country (India) but the email address is from a server outside the country (.de). .The last two mails have attachments that are supposed to be court orders.

Of course I have not downloaded or opened the attachments. I'm wondering if there's a safe way to do so. Just being curious.

If there's no safe way, I'll just delete these last two mails like I did with the previous ones. Any suggestions?

Only way would be with a sacrificial PC.
One that you can easily wipe completely.

I'm not sure I would even trust a VM.

Yes, they are scam emails, laden with malware.

USAFRet · 2024-07-23T18:59:54-0400

punkncat said:
Create a VM, use it to open and if what you expect occurs, delete it.

Not sure I'd even trust a VM.
Crafty malware can detect if it is in a VM, and just shut itself down. Leading you to think there is no malicious payload involved.

punkncat · 2024-07-23T19:02:26-0400

USAFRet said:
Not sure I'd even trust a VM.
Crafty malware can detect if it is in a VM, and just shut itself down. Leading you to think there is no malicious payload involved.

I can neither confirm nor deny that claim. I have been using VM for years now to deal with 'sketchy' things and it has never been able to jump outside the enviro because I don't have said set up in the VM (like local networking and so on). At the very least it would allow the user to see what those attachments are, if they will open, and either way just delete the machine when done and it is gone.

USAFRet · 2024-07-23T19:05:34-0400

punkncat said:
I can neither confirm nor deny that claim. I have been using VM for years now to deal with 'sketchy' things and it has never been able to jump outside the enviro because I don't have said set up in the VM (like local networking and so on). At the very least it would allow the user to see what those attachments are, if they will open, and either way just delete the machine when done and it is gone.

Oh, I do the same with VM's.

But software can detect its environment. Windows, Apple, and the typical VM environments....VMWare, VirtualBox, etc.

COLGeek · 2024-07-23T19:19:52-0400

What about booting from Live Linux distro and accessing that way? Likely similar risk to VM, but nothing gets written to local storage.

Clearly scam messages, else someone would be knocking at your door.

Pimpom · 2024-07-24T04:48:28-0400

Thanks for all the replies.
I have some old desktop hardware that I'm (slowly) setting up for use by my recently retired wife - for YouTube and typing documents related to her church activities. Maybe I'll use that with a temporary installation of Windows.

One more question: If the attachment is loaded with a particularly crafty malware, is there a chance that it will affect other computers on my home network?

USAFRet · 2024-07-24T05:37:38-0400

Pimpom said:
One more question: If the attachment is loaded with a particularly crafty malware, is there a chance that it will affect other computers on my home network?

Unlikely, but nothing is guaranteed.

stuff and nonesense · 2024-07-24T05:48:17-0400

A worm infection could look to infect other computers on your network. Depending on the devices connected to your router and your router type they may or may not be vulnerable.
It’s easy to become paranoid about this. If you try with a junk pc, then disconnect your main from the network, turn it off. Turn off the router WiFi, connect to it using a cable. Download, open the bad attachments look at them and then wipe/format the junk pc.

Alternatively, delete the original email and don’t worry. If there were court orders within the attachments then the local police would have been in touch with you by now.

mmp09 · 2024-07-24T06:12:02-0400

I personally use a VM, however a standalone machine that's not connected to any network is a safer bet. Alternatively physically disconnect all your drives, reinstall Windows & intended app on another spare drive, ensure secure boot is ON and check it out.

Then wipe clean the attached drive.

Also upload suspicious files on virustotal site to see if it reports anything.

Search

Question Is there a safe way to open a suspicious email attachment?

Pimpom

Distinguished

stuff and nonesense

Reputable

punkncat

Polypheme

USAFRet

Titan

USAFRet

Titan

punkncat

Polypheme

USAFRet

Titan

COLGeek

Cybernaut

Pimpom

Distinguished

USAFRet

Titan

stuff and nonesense

Reputable

mmp09

Commendable

TRENDING THREADS

Latest posts

Moderators online

Share this page