While it’s a smart idea not to allow images to be displayed in HTML emails until you are sure about them (or even not to autopreview), some people can’t be bothered to figure out how to change the configuration.

As well, some new spams only contain one thing, an image link. If you click anywhere to get the image (just to see what it is about) it’s as bad as clicking on a normal link embedded in an email.

And it’s worth reminding people that just because it says “http://www.paypal.com/members/login.php” and looks legitimate, doesn’t mean that’s where the link is going to take you. Outlook and some other email agents are getting better at popping up a tip that shows the real destination, but that can be missed if you click too fast.

Just don’t click anywhere if you aren’t expecting it. Even better, if you know how, turn off autopreview and HTML image loading in your email agent. If you don’t know how, ask someone.