Scammers are now misusing unsubscribe buttons to confirm email addresses: Report
The mail does not inform users what they are unsubscribing from. Once users click the email, the scammers know their email address is real.
Nobody likes spam, whether it is in the form of calls, messages or emails. Modern email service like Gmail and Outlook have gotten very good at detecting and filtering out spam email from your inbox, but the occasional mail can sometimes slip through the cracks. While many mail services allow users to “unsubscribe” from unwanted emails, scammers are now taking advantage of the same system to “confirm” people’s email accounts.
When you sign up for a newsletter, you need to enter your email address that must be confirmed by clicking a link (or entering a code) that is emailed to you. This is so that companies can ensure that their mails are delivered only to the intended recipients. They also allow users to unsubscribe from these emails, by clicking a link at the bottom of the email.
More From This Section
When users try to click on the button, it actually confirms to the scammers that it belongs to a real user, so they can sign up the same ID for future scam emails and dangerous fraudulent emails. The report also states that the scammers will use subjects lines like "We_need your confirmation asap", "Request , please confirm your unsubscription", and "Verification" and more to trick users to click on the link.
When Bleeping Computer tried to test what the button did using a throwaway email address, it was discovered that it would link to multiple email addresses. After sending the “unsubscribe” email to these addresses, the test account was reportedly “bombarded” with spam emails – this shows that the scammers have used the unsubscribe button to confirm that the user's email address is “active” and "real" before sending spam.
In order to stay safe from these scams, it is important for users to avoid clicking any links in unknown emails. If you see a message to unsubscribe, you can simply mark the email as spam – this is extremely effective and will train your mail provider to identify such emails in the future and block them automatically.