Many websites require you to sign up with your email before you can use them, and once you register you may start getting emails about subscription renewal reminders, surveys and feedback, job offers, weight loss program details, webinar invites, and more. These not only fill your mailbox but can also put your device and personal information at risk. The easiest way to get rid of unwanted emails is the unsubscribe option on the mailing list, but this easy way can itself be risky.
Imagine you receive emails from many websites that you may never have subscribed to, with content you don't want, so you decide to stop getting emails from one of them and tap the unsubscribe button. As soon as you tap it, you might trigger a malware attack or unknowingly walk into a scam. Recent studies show that cyber criminals and hackers are now using "Unsubscribe now" links as a new way to learn whether your email is active, harvest account credentials, and inject malware.
A report by The Wall Street Journal says tapping on "unsubscribe" links can actually put your device and personal info in danger. When users click these links, they leave their email client, which is a safer place, and are taken to a website or page somewhere on the web that could be dangerous. TK Keanini, CTO of cybersecurity company DNSFilter, likens it to entering the Wild West of the internet. The concerning point is when the destination page asks for confirmation by prompting "confirm your email" or "enter your password."
How does this new scam work?
You may be wondering how this scam works. At its foundation lies "Email Address Harvesting." Scammers embed code in the Unsubscribe button when preparing an email; the code tracks which user clicked it and so identifies whether the account is active. Once identified, those addresses are marked as valid by the scammers and become high-value assets for them.
Scammers know how urgently users want to declutter and be rid of undesirable emails, and that is where they blend psychological manipulation with technical deception. These scams mainly work through three steps:
- Asking for the credentials in the name of verifying the user's identity.
- Downloading a confirmation file that is embedded with malware.
- Asking you to "Allow browser notifications" so that persistent phishing ads can run; these are also infected with viruses or malware, risking data and privacy.
How can you stay safe from the Gmail Unsubscribe Scam?
Even if you have clicked the button, it may not lead directly to a phishing page. According to Keanini, "hackers would often place that button just to see who clicks - which would also help them determine which email addresses are active and thus worth targeting further." A general rule of thumb applies here: "if you don't trust the company that sent the email, don't trust the unsubscribe process, either." Keanini claims that one in every 644 clicks can lead to a malicious website.
So what can be done? You can try blacklisting the sender if the email header doesn't contain a link to unsubscribe, or rely on your spam filters. Alternatively, you can use disposable email addresses instead of giving out your real address everywhere. Gmail offers features that allow you to create a throwaway email address. For example, Gmail allows users to vary their address by adding a + and a tag before the @gmail.com part, which they call "Gmail aliases."
Tips to stay safe
Here are simple tips to protect yourself when unsubscribing from emails:
- Gmail has trusted and safer unsubscribe buttons, so use Gmail's own unsubscribe option instead of the links inside emails.
- Mark suspicious or unknown emails as spam rather than unsubscribing from them.
- Strictly avoid clicking unsubscribe links in emails from senders you don't know.
- To keep your real email address private, use tools like Apple's "Hide My Email" feature. You can also use browser extensions available for Chrome or Firefox to add an extra layer of safety.
- Keep your Gmail app updated and your device's security software up to date to safeguard against new vulnerabilities and cyber attacks.
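The difference between a mail client's own unsubscribe option and a link inside the email body can be checked on a raw message. The following is an added example, not code from the article or from Gmail: it assumes the client's unsubscribe control is driven by the List-Unsubscribe header (RFC 2369, with one-click support from RFC 8058), which the article does not name, and the sample message, the *.example domains and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message; all *.example domains are placeholders.
SAMPLE = """\
From: Deals <news@shop.example>
To: user+shop@gmail.com
Subject: Weekly offers
List-Unsubscribe: <https://shop.example/u/abc>, <mailto:unsub@shop.example>
List-Unsubscribe-Post: List-Unsubscribe=One-Click
Content-Type: text/html

<p>Offers!</p>
<a href="https://trk.other.example/c?id=123">Unsubscribe now</a>
"""

LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>([^<]*)</a>', re.I)

def base_domain(host):
    # Naive "last two labels" rule (assumption for brevity); use the
    # Public Suffix List in real tooling.
    return ".".join(host.lower().split(".")[-2:])

def triage_unsubscribe(raw):
    msg = message_from_string(raw)
    sender = base_domain(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    # Header-declared targets: what a mail client's own unsubscribe control uses.
    header_targets = re.findall(r"<([^>]+)>", msg.get("List-Unsubscribe", ""))
    one_click = "one-click" in msg.get("List-Unsubscribe-Post", "").lower()
    body = "".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                   for p in msg.walk() if not p.is_multipart())
    # In-body "unsubscribe" links whose host is outside the sender's domain.
    # A signal, not a verdict: legitimate senders may use a mailing provider.
    offdomain = [urlparse(url).hostname or "" for url, text in LINK_RE.findall(body)
                 if "unsubscribe" in text.lower()
                 and base_domain(urlparse(url).hostname or "") != sender]
    advice = ("use the mail client's unsubscribe control" if header_targets
              else "mark as spam or block the sender; do not click the body link")
    return {"header_targets": header_targets, "one_click": one_click,
            "offdomain_body_links": offdomain, "advice": advice}

if __name__ == "__main__":
    print(triage_unsubscribe(SAMPLE))
```

The check reads only the message text and never fetches any of the links it reports.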
Final Thoughts
The Gmail Unsubscribe scam is an early warning to users of how easy options can be weaponized in the digital age, with its foundation not in greed or ignorance but in a universal desire. On this page, you have found enough information to alert you to the ongoing Gmail Unsubscribe Scam. Hopefully, you now have a deeper understanding of how this new scam works and how you can keep yourself safe from it.