Many people have an habit of arbitrarily checking and opening their spam messages to see if it is a false positive from the mail filter.

Today, I will be providing some insight into the extent of risk that can be associated with merely opening a possible phishing mail. There is this conception that there is no harm in opening or reading a mail. While that is mostly true, I will be outlining some probable danger that can be emanate from this:

Reconnaissance and automatic activation of content: There are a number of mail clients that automatically provides access to external content as soon as it is opened. This files (e.g. images) can contain hidden scripts that sends information to the attacker. Luckily for Gmail users, I can confirm that by default "Google on the Web" is not susceptible to this, except you have edited your settings. Information that can be gathered could include ip address, browser, operating system, etc.

Email Read Receipts: Just like WhatsApp, you specify to be notified when a mail is opened. From a security point of view, an attacker can use this to know if a email is active before drilling down to the next phase of his attack. If you don't want to send any form of info to an attacker DO NOT OPEN THOSE SPAM MESSAGES

Hovering over malicious content: This is a little technical to explain or implement, but not impossible. There are several events that triggers an action. When you click on a button or link and it takes you to a new page, it is because a developer has associated an onclick event to trigger that action. Just like clicking, hovering over an object can trigger an event. Likewise, if your mouse is used to hover around the malicious email it can lead to some unexpected event. This will not be possible if you stayed away from such emails.

So you may not be hacked, but you can definitely give the hacker clues on how to hack you from only reading his emails.

Moral of the writeup: Don't read potentially spam or phishing emails!!!!