Experts warn clicking “unsubscribe” on that boring email could actually be a security risk – here’s why
- Researchers are warning about the “unsubscribe here” button in spam emails
- They can be used to redirect victims to malicious pages
- There are other ways to get rid of spam, so users should be on their guard
If you’ve received a spam email with an “unsubscribe here” button at the bottom, don’t press it – it could do more harm than good.
This is according to TK Keanini, CTO of DNSFilter, who recently revealed pressing such a button sends the recipient away from the safety of the email client and into the open internet, where potentially malicious landing pages are lurking.
In fact, Keanini claims that one in every 644 clicks can lead to a malicious website.
How to unsubscribe, then?
Even if clicking the button doesn’t lead directly to a phishing page, other, more subtle, risks, are lurking as well.
Keanini says that hackers would often place that button just to see who clicks – which would also help them determine which email addresses are active and thus worth targeting further.
The general rule of thumb seems to be – if you don’t trust the company that sent the email, don’t trust the unsubscribe process, either.
So, what’s the alternative? The alternative is to unsubscribe through the email client itself, rather than through the email’s body.
Most email clients have “list-unsubscribe headers”, which appear as built-in buttons and thus don’t include source code, Tom’s Guide explained. “If your email header doesn’t contain a link, you can reply on your spam filters, or try blacklisting the sender instead,” the publication further explained.
Those who don’t have these options can use disposable email addresses when signing up for different services. Most email service providers allow users to create throwaway email addresses, as well. For example, Gmail has a feature called “plus addressing” or “Gmail aliases”, which allow users to modify their address by adding a + and a tag before the @gmail.com address.
That way, the email address used during registration could be [email protected]. Messages will still arrive in the inbox, but they can be easily tracked or filtered.
You might also like
Researchers are warning about the “unsubscribe here” button in spam emails They can be used to redirect victims to malicious pages There are other ways to get rid of spam, so users should be on their guard If you’ve received a spam email with an “unsubscribe here” button at the…
