Home / Tech / News / Scammers are now misusing unsubscribe buttons to confirm email addresses: Report
tech

Scammers are now misusing unsubscribe buttons to confirm email addresses: Report

The mail does not inform users what they are unsubscribing from. Once users click the email, the scammers know their email address is real. 

Representational image: Email spam is one of the fastest avenues of the spread of fraudulent emails today, 
Representational image: Email spam is one of the fastest avenues of the spread of fraudulent emails today, 

Nobody likes spam, whether it is in the form of calls, messages or emails. Modern email service like Gmail and Outlook have gotten very good at detecting and filtering out spam email from your inbox, but the occasional mail can sometimes slip through the cracks. While many mail services allow users to “unsubscribe” from unwanted emails, scammers are now taking advantage of the same system to “confirm” people’s email accounts.

Also read: Twitter’s PayPal integration for Tip Jar could expose email IDs, addresses

When you sign up for a newsletter, you need to enter your email address that must be confirmed by clicking a link (or entering a code) that is emailed to you. This is so that companies can ensure that their mails are delivered only to the intended recipients. They also allow users to unsubscribe from these emails, by clicking a link at the bottom of the email.

More From This Section

Bleeping Computer found that clicking the link takes a user to their email app and enters multiple email addresses to “unsubscribe” from. 
Bleeping Computer found that clicking the link takes a user to their email app and enters multiple email addresses to “unsubscribe” from.  (Bleeping Computer)

When users try to click on the button, it actually confirms to the scammers that it belongs to a real user, so they can sign up the same ID for future scam emails and dangerous fraudulent emails. The report also states that the scammers will use subjects lines like "We_need your confirmation asap", "Request , please confirm your unsubscription", and "Verification" and more to trick users to click on the link.

Read more: Antivirus software pioneer McAfee charged by US with cryptocurrency fraud

When Bleeping Computer tried to test what the button did using a throwaway email address, it was discovered that it would link to multiple email addresses. After sending the “unsubscribe” email to these addresses, the test account was reportedly “bombarded” with spam emails – this shows that the scammers have used the unsubscribe button to confirm that the user's email address is “active” and "real" before sending spam. 

In order to stay safe from these scams, it is important for users to avoid clicking any links in unknown emails. If you see a message to unsubscribe, you can simply mark the email as spam – this is extremely effective and will train your mail provider to identify such emails in the future and block them automatically.  

Follow HT Tech for the latest tech news and reviews, also keep up with us on Twitter, Facebook, and Instagram. For our latest videos, subscribe to our YouTube channel.