So I have been against the use of HTML code in e-mail ever since it first started becoming popular, and now that e-mail clients more often than not come with that particular feature enabled by default, it’s time for me to share one of the many reason why I advise people against the practice.
This e-mail message came into my personal inbox a couple of nights ago. This is how it looks with HTML enabled:
Now I know this is a scam, but it’s easy for me to spot them. 80 year-old grandparents might click on the link thinking one of their grandchildren actually sent them an e-card because they don’t know any better. And if they did, their computer would most likely become compromised. Here is the e-mail with the HTML disabled:
Notice that with HTML disabled, it displays the actual link embedded in the message, and it’s a .EXE file, or executable file for Microsoft Windows machines. This executable file would install malicious software onto the computer of anyone clicking on it. .EXE files are merely one example of malicious code that can be inserted and hidden in HTML code. This is the primary reason I disable HTML in my e-mail clients. It displays anything that can be hidden by HTML code, making it much easier to identify junk, scam, and malicious e-mail messages.
Now I understand that HTML allows people to “prettify” their e-mail messages, but given the point of e-mail, which is to convey information, does it really matter if grandma reads your message in 20-point Comic Sans font on a butterfly background?
Consider disabling HTML in your e-mail client to increase your awareness and security. If you require assistance, please call. It’s usually a very quick and painless change in the e-mail settings.