You receive many emails throughout your day. You may be tempted to unsubscribe from these various email addresses. However, recent analyses have determined that some are using emails you didn’t sign up for through social engineering.
Social Engineering, at its core, is all about manipulation. With the amount of data shared on the internet, all malicious actors have to do is pick their target. Then, using the provided data, they will send emails and phone numbers to their target, claiming they need to verify something in a common program you would typically use. The victim, if unaware, will input the data as requested, and the hackers have all they need to cause incredible amounts of damage.
In recent weeks, a new scam has emerged that can exploit people's inattentiveness when clicking through emails. Instead of sending emails that are connected to your own subscribed feeds, they just send spam emails to anything that might be of interest to their victims. Thanks to some quick information gathering on the part of the malicious actors, they simply send emails of stuff that might interest you and pray you might have forgotten. You then go to click it and bam, your compromised as you are sent to a similar looking website.
“In some cases, the links redirect users to lookalike login pages or prompt users to enter credentials to "complete the unsubscribe process." Cybersecurity company DNSFilter reported that approximately 1 in every 644 unsubscribe links analyzed was tied to malicious content. (1)
In other words, while some people aren’t fooled, they still manage to find ways to sneak their way into your inbox. According to the Wall Street Journal, there are a variety of risks associated with these malicious unsubscribe links. The lowest risk is that bad actors who have acquired your email address are testing to see if it is a live one, experts say. Clicking on that unsubscribe link “tells attackers you’re a real person who interacts with spam,” says Michael Bargury, chief technology officer and co-founder of artificial-intelligence-agent security company Zenity. It may not cause immediate harm, but it “can make you a bigger target in the future.” (2)
That simple poke into your email opens the door for more. Once clicked on the unsubscribe link, their attack pattern starts. The link itself can download various viruses and spyware onto your computer. It can even spoof your banking and other personal information. Then, once they have all the credentials they need, you're now a victim, and they move on to the next person of interest in their quest for money and other valuable data.
To prevent such negligence in the future, PC World recommends several of the following steps:
- Avoiding the links themselves: It seems simple but links and other documents from other unknown sources are not your friends. Don’t click on them,
- Go to the website: If it’s a website you're familiar with but do not know if you're subscribed or not, go straight to the website and follow the unsubscribe rules for the associated website.
- Adjust your spam folders: One of the easiest ways to keep yourself from falling for this is simply adjusting your spam folders. Marking it as spam is simple, but the actors will just find another way to steal it. Another way is to specify words and phrases to filter it out. Either way, the idea is out of sight and out of mind. If you don’t see it, you’re not tempted to press it.
- Review your cybersecurity protocols: Even without the threat of these links, it’s always a good idea to keep up to date with your company’s protocols and the latest trends in cyber threats. (3)
Spam is an unfortunate way of life on the internet, and though most are relatively benign, there is still an underlying danger. Hackers have found a way to spam your subscriptions and those you don’t have subscriptions for. But like many things on the internet, it’s a trap waiting to steal your data. Never click on those links or any documents in said emails; go to the website in question to unsubscribe. Adjust your spam settings in your email to prevent them from even getting their foot in the door. As always, stay up to date on the latest cyber threats.
