Last week, I received an email from a friend on the other side of the country. It contained no body text — just a rather odd-looking attachment with an HTML extension. But the Subject read, “Important Document for Review.” Even though I knew it would come across a bit snobby, I dropped him a note saying, “You know, I’d just as soon not have to open an unsolicited attachment if I didn’t have to.” Then I asked him what it was about. His reply was curt: “But it’s not unsolicited. I sent it to you.” I found his response to be a bit odd, but at the same time, he seemed to be a bit frustrated with me. Because he was my friend, I felt a bit embarrassed writing him again, but, because I receive a lot of email, I wrote once again, saying, “Still, would you mind telling me what’s in the attachment?” This time, he didn’t write back. I thought, “Great. Now you’ve really offended the guy, Doug.” So at this point, I glanced down at my system tray to make sure my antivirus was running (and it was), then opened the attachment. I felt foolish being so overly-skeptical. I have my email client configured not to open any kind of file at all. So when I clicked on the HTML, it only read the mark-up language, but balked on opening up any of the program code beneath the hood. All I could see was that it was some kind of Google doc; I still couldn’t tell what it was supposed to be. So I wrote my friend one last time, completely convinced that I was going to annoy him to no end as I said, “I opened your attachment, and saw it was some kind of Google Doc, but my email client is configured to be kind of dumb. Can you tell me what I’m looking at here?” No response. I figured I’d lost him as a friend for good. The next day, I received a note from him saying his email had been hacked. “Unfortunately, my email account was hacked. Do not open this email or follow any instructions contained in in it. Please delete it immediately. I am sorry for any inconvenience this may have caused.” It was at that point I realized — I had almost turned off my safeties to open the program code. Almost. So … how does one know for certain that the email they receive is actually from one’s friend and not from an evil-doer? My conclusion: It’s impossible. All I know is this: Be skeptical, run a great antivirus program, and pray for the best. But be skeptical of everything. And at the end of the day, if you can’t call the guy, just don’t open the attachment. Period. It’s the only way I know.