Back to the Blog

Can Opening An Email Get You Hacked?

Mark Lukehart

man reading an email

The average office worker receives over 120 emails per day. 

So much of our personal and professional communication these days is online, and you’ll want to make sure you’re safe while accessing your email account. 

Hackers have become increasingly savvy in recent years, and their attempts to access your information have become more sophisticated and covert. 

So can opening an email really get you hacked? Here’s what you need to know. 

Can Opening An Email Get You Hacked?

Yes. There are some types of emails that can cause damage immediately upon opening, but if you know what to look for, you’ll usually be able to avoid them. 

This typically happens when an email allows scripting, which allows the hacker to insert a virus or malware directly into the email. 

What puts me at risk of being hacked?

Opening Or Downloading Attachments

The thing that puts you at the biggest risk of being hacked is opening an attachment in an email message. Hackers can hide viruses, ransomware, and other types of malware in these pieces of media. This malware can damage your systems and even compromise sensitive information like your passwords, bank account information, location, and more. Keep in mind that images are also attachments and can contain malware. 

Clicking A Link

Clicking a link in an email from a hacker can also have serious consequences. These links can take you to a website that results in an involuntary malware download or some other form of digital tracking. These links can also take you to a site that mimics a popular social media platform or financial app. These sites will often trick you into providing your username and password for these platforms, which they can use to steal your identity. 

Phishing email example. Source.

Replying To The Email

You also put yourself at risk by replying to emails from people you don’t know or trust. Hackers have gotten incredibly creative with phishing scams in recent years, and it can sometimes be difficult to tell what is a scam and what is real. These hackers will often pose as a person or organization in need of support and manipulate you into providing their personal information. 

More sophisticated hackers will often pose as a website or app that the recipient already interacts with on a regular basis. They then mislead you so you will provide your password, phone number, or other personal information. 

How Common Are Email Attacks?

Email attacks are much more common than many people realize. In 2020 alone, roughly 75 percent of organizations received some kind of phishing email, although most were not successful. 

And this is just the data on phishing attacks – 92 percent of all malware is delivered via email. Perpetrators have come up with a wide variety of strategies to gain access to online accounts. 

In fact, cybercrime went up significantly during the COVID-19 pandemic. With so many people working from home, email communication became even more important than it was previously. Many cybercriminals started sending out emails posing as the CDC or WHO with malicious attachments or links about current case numbers, vaccine information, and other information that would be relevant to the recipients. 

As email technology improves, hackers have learned to adapt quickly. It’s unlikely that email attacks will go away anytime soon, which means that we will need to be vigilant to protect your personal data. 

Consequences of Email Attacks

The consequences of an email attack can be very serious and aren’t something to be ignored. Email hacks can quickly get out of control if you don’t take action right away. 

The first thing that hackers will usually do is gain access to your email contacts. They will use this information to send scam emails to your contact list in an attempt to hack them as well. If you use the same passwords for your social media accounts as you do for your email, they may also gain access to these and start posting as you. 

Through a suspicious email, the hacker can put malware on your computer or mobile device. This malware can track you and gain access to even more of your personal information. In particular, the malware will look for access to your bank account and credit cards, which they can use for identity theft. 

When hacking corporate accounts, they will also look for access to secure business information, which they could then use as part of a ransomware attack. An attack on your work computer or phone isn’t just dangerous for you – it could also compromise the security of your entire company. 

Types of Email Attacks

There are many different types of email attacks to watch out for. As technology has changed and security software has gotten better, cybercriminals have developed new strategies and new types of attacks. Here are some of the most common types of email attacks to watch out for. 


Most people will receive phishing emails at some point, even if they aren’t successful. 

In a phishing email, the hacker will pretend to be a reputable organization or person. They will then use this unearned trust to manipulate the recipient into willingly sharing their personal information. 

When looking at a phishing email, there’s usually some sign that the sender isn’t who they claim to be – this could be an abnormal email address, uncharacteristic spelling mistakes, or links that seem out of place, for example. 

However, phishing attacks have become increasingly sophisticated in recent years as hackers have learned to better mimic reputable organizations and come up with new strategies. This is why it’s so important to err on the side of caution with questionable emails. 

There are some types of phishing attacks that you’re more likely to encounter at work. Spear phishing is a specific type of attack where the sender will pretend to be someone inside your organization and use personal details to gain your trust. If you are in a C-suite position, you may also experience whaling, in which the hacker specifically targets high-level individuals. 


A questionable email with attachments may contain spyware. Spyware is often hidden in attachments that contain legitimate software downloads, or in photo or video attachments that look harmless. 

Spyware puts trackers on your computer and sometimes in your web browser. These trackers monitor the websites you visit and the people you communicate with to find account passwords, credit card information, and more. 


Adware is a specific type of malware that places unwanted ads on your computer or mobile device. In addition to being very irritating, these ads can install spyware to track your online activity. Adware is usually placed in spam emails. While many spam emails are harmless, they are a perfect vehicle for attacks because they contain so many links and photos. 


Attachments in suspicious emails can also contain ransomware. Ransomware is a type of malware that will capture secure information from your computer and then demand money to give that information back. Cybercriminals often use ransomware to target organizations rather than individuals. This is because companies often have a large amount of secure customer information that is very valuable. 

How To Avoid Getting Hacked Via Email

The best way to avoid getting hacked via email is just to use common sense and be cautious before opening any new email. When you get an email, check to make sure it is from someone you know and trust before clicking any links or opening any attachments. Here are some other things you can do to avoid potentially dangerous emails. 

  • Choose platforms with multifactor authentication. This requires you to confirm your identity on another device before you can log into your account. This extra layer of security is very effective in keeping hackers out. 
  • Use a strong and unique password that isn’t easy to guess. There are plenty of excellent password generator tools that can help you find a good one, such as LastPass.
  • Double-check the spelling of the email sender’s name. If it’s a hacker sending the email, chances are there will be something slightly off about it. 
  • Double-check the spelling of the sender’s domain name. Hackers typically won’t have access to secure domain names, so they will choose something that is slightly off. 
  • Double-check the top-level domain (TLD) of the email. For example, a hacker might use .co rather than .com.

How To Know If Your Email Has Been Hacked

You won’t necessarily notice if your email has been hacked right away. Here are some signs to watch out for. 

  • You can’t open your email account. Hackers will often set a new password and security questions to ensure you cannot get back into your account. 
  • Your contacts tell you about strange emails or social media messages coming from your account. You may also notice these strange emails in your outbox. 
  • Your computer is running slowly. If you’ve opened an email that contains some sort of malware, it could cause your computer to run slowly or act strangely. 

Email Attacks: Final Thoughts 

In general, just opening an email isn’t going to get you hacked. However, clicking on links or attachments in an email can be very dangerous for you and your company. While exercising caution can help you avoid most email attacks, it’s also very important to make sure you’re using a reliable online security system to protect you even further.