Watch Out for Malicious Unsubscribe Links
In addition to the flood of spam texts you receive on a daily basis, your email inbox is likely filled with newsletters, promotions, and other messages that you don’t care to read and perhaps don’t know why you receive. But you shouldn’t just start clicking unsubscribe links, which may open you up to certain cybersecurity risks.
Email unsubscribe links may be malicious
While email unsubscribe links may seem innocuous, especially if you generally trust the sender, security experts say there are a number of ways in which threat actors can leverage these links for malicious purposes. Like responding to a spam text or answering a spam call, clicking “unsubscribe” confirms that your email address is active, giving cyber criminals an incentive to keep targeting you.
In some cases, unsubscribe links can be hijacked to send users to phishing websites, where you are asked to enter your login credentials to complete the process. According to the folks at DNSFilter, one in every 644 clicks of email unsubscribe links can land you on a malicious website. While you do have to confirm your email address in some legitimate cases, you shouldn’t enter a password, which is likely a scam.
Bottom line: If you don’t trust the sender, you certainly shouldn’t trust any links contained within the email.
How to safely unsubscribe from emails
Even if unsubscribe links are safe, it’s a pain to go through the multi-step process of clicking through individual emails and opening new browser windows to confirm. To minimize hassle and avoid the risk of malicious links in individual emails, you can use unsubscribe features built into your email client, which are less likely to be compromised by threat actors because they aren’t tied to the email itself.
In Gmail, tap More > Manage subscriptions in your left-hand navigation bar (Menu > Manage subscriptions on mobile) and scroll to the sender. Click Unsubscribe to the right of the number of emails sent recently. You can also unsubscribe from individual emails by opening the message and clicking Unsubscribe next to the sender’s name. In some cases, you may be directed to the sender’s website to complete the process. (Note that Gmail may not consider all email campaigns eligible for one-click unsubscribe.) You can also mark the message as spam or block the sender.
What do you think so far?
In Outlook, go to Settings > Mail > Subscriptions > Your current subscriptions and select Unsubscribe, then tap OK. Alternatively, you can block the sender by clicking the three dots and selecting Block > OK.
Alternatively, you can filter unwanted emails to a different folder (including spam), so while you’ll still receive them, they won’t clog up your main inbox. In Gmail, open the message then click More > Filter messages like these to set up filter criteria, whether that’s sending to another folder, deleting it, or marking it as spam. You can create similar rules in Outlook by right-clicking the message in your message list and going to Rules > Create rule.
A final option is to use a disposable email alias to subscribe to newsletters and promotional emails or when signing up for accounts, which makes it easy to filter messages or delete the address entirely without affecting your main inbox.
