In what ways can an E-Mail compromise my system?
by platypo from LinuxQuestions.org on (#6HBS1)
Hello and thanks for overlooking and deleting my recent panic-post here. I still would like to inquire about it one more time.
I tried to make myself familiar with Linux systems for several years, but never managed to get truly into the issue, so for the past several years I've just been happy to be able to use a stable desktop system with good support for free.
Recent uncanny encounters like e-mail addresses indicated on www.haveibeenpwned.com, 2FA notifications on my cellphone without me trying to log in anywhere and a drastic increase of scam e-mails that become more and more 'accurate' and difficult to recognize as scam raised my alert level.
Recently I received another questionable e-mail. The sender was the full name of a familiar and trusted person, a business owner using the services of a respectable online business for his arrangements, and the sender address was a noreply e-mail from said service provider. There was no obvious occasion for this e-mail being sent and upon inquiry, the supposed sender did not arrange to send it in any way. It contained HTML code with 2 external references. Unfortunately I was in a hurry and lightheadedly clicked on 'toggle to HTML-Mode' in my e-mail client in the belief that it's trustworthy. It showed a form with bank account information of the sender, and a reminder to pay a fee. It all looked real congruent and nonchalant, but the sender address (the noreply@...) and the missing occasion made me suspicious, not to say a little nervous after allowing HTML depiction.
I am currently in correspondence with the service provider of my friend, the supposed sender, and they are investigating based on the mail itself and its technical headers.
My question to LQ would be: What are the factual risks when switching to HTML-Mode in my e-mail client? I'm using Debian 12, I dare to say that it's halfway well maintained, with KDE, KMail being the e-mail client.
If you need any further information feel free to ask. I hesitate to post the HTML code or the external references here, since they contain sensitive data of a familiar person.
Thanks in advance.
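A way to see what an HTML mail points at without rendering it, as an added example that is not part of the original post: the script parses a saved message and lists every external URL in its HTML parts, separating references a renderer may fetch as soon as the mail is displayed from those that need a click or a form submit. The sample message, its hostnames and the names `RefCollector` and `external_refs` are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes that can make a renderer contact a remote host.
URL_ATTRS = {"src", "href", "action", "background", "poster"}

class RefCollector(HTMLParser):
    """Collects external URLs from HTML without loading anything."""
    def __init__(self):
        super().__init__()
        self.refs = []  # (tag, attribute, url, may_load_on_display)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in URL_ATTRS or not value:
                continue
            url = value.strip()
            remote = urlsplit(url).scheme in ("http", "https") or url.startswith("//")
            if remote:  # cid:, data: and mailto: stay inside the message or client
                # Links and form targets need user action; the rest may load on display.
                passive = name != "action" and tag not in ("a", "area")
                self.refs.append((tag, name, url, passive))

def external_refs(raw_message):
    """Return external references found in all text/html parts of a raw message."""
    msg = message_from_string(raw_message, policy=policy.default)
    collector = RefCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_content())
    return collector.refs

# Constructed sample message (not the mail from the post).
SAMPLE = (
    'From: "Trusted Person" <noreply@provider.example>\n'
    "Subject: Payment reminder\nMIME-Version: 1.0\n"
    'Content-Type: multipart/alternative; boundary="b1"\n\n'
    '--b1\nContent-Type: text/plain; charset="utf-8"\n\nPlease pay the fee.\n'
    '--b1\nContent-Type: text/html; charset="utf-8"\n\n'
    '<html><head><link rel="stylesheet" href="https://static.example/style.css"></head>\n'
    '<body><img src="https://tracker.example/pixel.gif?id=123" width="1">\n'
    '<img src="cid:logo"><form action="https://forms.example/submit"></form>\n'
    '<a href="https://provider.example/invoice">View invoice</a></body></html>\n'
    "--b1--\n"
)

if __name__ == "__main__":
    for tag, attr, url, passive in external_refs(SAMPLE):
        print("on display" if passive else "on click  ", f"<{tag} {attr}>", url)
```

To inspect a real message, save it from the mail client as a file and pass its text to `external_refs` instead of `SAMPLE`.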