how to safely open suspicious emails?

[enhanced08]

I get asked quite often "This email looks funny, should I open it?" or similar. I normally have the user forward me the email and I open it and the attachment myself to check for possible bad links, etc. However I assume me opening it is almost as bad as them doing it. Is there a safe way to check these emails? Some type of program or something?

 

[THOMO]

Google - Virtual machine

 

[klank]

Just don't open them.

If you think it is suspicious, then either call the sender (if you know them and have their #) or send them an email asking if they had sent the suspect email.

Of if you have nothing better to do then run a VM or sandbox to view the emails.

 

[robvas]

Use a Mac or Linux

 

[hawk82]

Open all emails in plain text, Don't click any links and don't open attachments.

Edit: or view the headers first and see where the email came from.

 

[Jay_2]

I look at the original email, it has the header etc and show all test in basic text format.

 

[Metraon]

There is malware that can affect VM's, mac or linux. People think they are invulnerable but attacks on linux, wmware or unix but these are more frequent than you think, or just undetected. It depends a lot of your intentions, skill level and what do you want to learn from this....

http://www.symantec.com/connect/blogs/crisis-windows-sneaks-virtual-machines

 

[nghiasimon007]

If you want to be really safe, you can install a virtual machine and an operating system on it so that you can open the files there, this way it doesn't affect your OS if something goes wrong.

 

[Biznatch]

There is malware that can affect VM's, mac or linux. People think they are invulnerable but attacks on linux, wmware or unix but these are more frequent than you think, or just undetected. It depends a lot of your intentions, skill level and what do you want to learn from this....

http://www.symantec.com/connect/blogs/crisis-windows-sneaks-virtual-machines

The point of a sandbox VM is so you don't care about it getting infected. You make sure this VM has no access to any other servers/client machines with network restrictions, and make sure you have a fresh backup/snapshot to revert to. Open the email, get infected to confirm, then delete the email and restore the snapshot.


Or just assume it's infected because most shady email usually is, even if it's from a known contact. I get spam from infected friends all the time, and it gets deleted without being opened. If it's important they call and send again.

 

[dave99]

non-persistant vm.