Why you should be wary about clicking on unsubscribe links in email messages: Internet Scambusters #946
Managing email can be a big challenge, so it's tempting to click that "unsubscribe" link when you receive unwanted email.
But if you do, you could be heading down a path to big trouble that can include malware and identity theft.
In this week's issue, we'll tell you what you should do instead to steer clear of these threats and still be able to reduce your inbox inflow.
Let's get started...
Don't Click That Spam Unsubscribe Button!
Should you click that "unsubscribe" button at the bottom of those pesky spam emails that drop into your inbox by the score every day?
Probably not, say email security experts -- because you could be lining yourself up for a scam or unleashing another torrent of even more annoying messages.
An estimated 54 billion -- that's 54 thousand million -- spam mails are sent out worldwide every day. It's a numbers game. Spammers know that a tiny, tiny fraction of that number will hit home and hook their victims.
But they're greedy. So many of those messages end up at unused addresses. Or they get weeded out by spam detectors in your Internet security app. If only they knew which mails were getting through and being read by users.
Why not put a button inside the message and lure recipients into clicking. Let's call it "unsubscribe," they cunningly think. The frustrated user clicks the button or a highlighted "unsubscribe" link at the bottom of the text. Hey presto! They just told the spammer: "I'm here and ready for more."
This isn't valuable just to the spammer either. The user's address goes onto a list that can be sold to other spammers. So, instead of getting rid of the rubbish, you just invited more of it to pour into your inbox.
More worrying is that some "unsubscribe" links are actually triggers for downloading malware onto your computer.
For example, recently, spammers have been sending out messages seemingly linked to adult and dating websites -- with a prominent "unsubscribe" button linked to malware. They know recipients are highly likely to hit it because it'd probably be embarrassing if anyone else saw it.
In other, similar cases, users who click these links are presented with a form to fill in, which is really just a thinly-disguised attempt to steal information. Initial emails may even be spoofs, appearing to come from a reputable organization, and tricking unsubscribers into giving away confidential information such as passwords.
Spot the Differences
There are also many legitimate news and marketing emails that offer a genuine opportunity to unsubscribe. But how can you tell the difference between those and the baddies?
Of course, you want to limit the flow of messages into your inbox. In a perfect world, you'd only get the stuff you want. To get nearer to that goal, here are some of the actions you can take.
- Check if an unwanted email comes from an address or organization you actually subscribed to. If so, you can probably safely select any unsubscribe option, but it's important to check the sender's address to be sure it's not a spoof as outlined above.
- Watch out for misleading statements at the bottom of a message saying that you previously subscribed to the sender or an associated business. This can mean your address has actually been passed around between different organizations. If you don't remember signing up, it's better not to click the unsubscribe link.
- Use an email service provider that filters out spam at the source. Gmail is a good example of that. The service removes suspected spam before it even gets into your inbox. You can check the online Junk Mail folder now and then to make sure a genuine message didn't end up there.
- Use your email client's (program's) built-in junk filter. Again, many online and desktop email apps have slide-type settings that enable you to select how strictly you want them to automatically remove suspected spam.
- Manually trash any spam emails that you spot and let your app know that it's junk by clicking on the appropriate button.
- Set up spam selecting rules. Again, you can do this with many email apps such as the desktop version of Outlook. For example, if you keep getting rubbish from a known spammer, instruct the app to always move items from their particular address to your junk folder.
- Be cautious about who you provide your email address to. For instance, you can use an instant, temporary email address for any new service you subscribe to and only change it to your real address once you're happy with their messaging. Do a browser search on the words "temporary email address" or use similar terms such as "one time" or "instant," to find one of these services.
Always confine your main email address to friends and others you trust and have separate ones for activities like shopping.
For more information on unsubscribe scams and spams, check out this useful article from the non-profit Identity Theft Resource Center (ITRC): Unsubscribe Email Scam Looks to Trick Consumers.
Alert of the Week
If you're a student, beware of a new advance fee or overpayment scam -- where a victim receives a dud check, part of which has to be paid back.
The check follows an ad aimed at students, offering simple, "easy money," part-time work for one of their college professors, dog walking for example.
The victim then receives a payment check in advance before being asked to return part of the payment using a money wire service. The check bounces, and the student is then out by the amount they forwarded.
It's a new version of an old trick. Double check the source of any job offer and overpayment message you receive. And don't wire money to someone you don't know.
Time to conclude for today -- have a great week!