Skip Tags

Popular Tags

Decorative icon

The Resource Center Online Security Issues & Protection The Resource Center | article

Think Twice Before Clicking ‘Unsubscribe’

Clicking "unsubscribe" might only make spam worse.

Over time, nearly everyone’s email inbox starts to get cluttered. Think about how many websites require your email address just to sign up. Online retailers, news publications, software programs and even games all use your email address as an identifier, one that conveniently gives them the information they need to send you updates and promotional material. While some of these messages are certainly welcome, others can get annoying fairly quickly, especially considering the sheer volume of companies that send marketing materials via email – not to mention the scores of spam sites that overwhelm inboxes with phony promotions and phishing attempts. For many savvy consumers, the tiny “unsubscribe” button sitting at the bottom of each email offers a chance for relief. However, one popular scam even hijacks this useful button, directing even more spam toward frustrating consumers looking to opt out.

In this so-called “unsubscribe scam,” fraudsters use the link labeled “unsubscribe” not to direct consumers to a page where they can opt out of emails, but to a website that downloads malicious software on the victim’s computer. In other versions, the subsequent web page prompts people to provide personal information to “sign up” for a do-not-contact list, the Identity Theft Resource Center reported.

However, instead of finding relief, victims may end up with even more spam. That’s because at first, the spammers might simply guess at possible email addresses using combinations of names from social media accounts. Then, once you click the link, you effectively let the spammers know there’s a real person behind the email address, reported NBC.

“In reality, that’s usually an indicator to increase the level of things they send to you,” Marc Maiffret, former hacker turned cybersecurity expert told the news outlet. “We even see when you click unsubscribe, it’ll take you to a website and the website will actually try an attack against your computer.”

Obnoxious emails aren’t the only frustrating part of this scheme. The malware that unsubscribe links might trigger could steal personal data or passwords from victims’ computers, putting them at an increased risk of identity theft. Or, by offering up personal data to join opt-out lists, people might unknowingly be filling out a profile ID thieves can use to commit credit fraud or other types of identity theft.

Alternatives to unsubscribing

To protect your identity from scams like these, avoid clicking unsubscribe links unless you’re sure the email is from a legitimate company you’ve done business with. Instead, try taking these actions:

  • Report the email as spam: By alerting your email provider that an email you received is junk, you can help it learn which emails to block in the future, ITRC reported. While some annoying messages will still enter your inbox, most email providers will block similar emails from that sender going forward.
  • Contact the spammer’s email service: In addition to alerting your own email provider, try reaching out to the spammers. According to IDTC, users have to enter into an agreement with their email provider that any mail they send out will only be directed to people who have opted in. Spammers usually fail to get consent from their recipients, and when they do it is often gathered without their knowledge. By reporting violations of this sort to the mail provider itself, you may be able to prevent scammers from sending you future emails.

If you’re a frequent target of spam emails, there is a chance your identity could be compromised as well, or at least that you are at an elevated risk of ID theft. To add a layer of protection to your identity, consider signing up for a credit monitoring service like Identity Guard.