Fraudsters are now sending fake unsubscribe spam emails to confirm which email addresses are real, so that those addresses can be used in future phishing and spam operations.
In these emails, spammers merely ask whether the user wants to unsubscribe or subscribe. The emails give no further information about what you would be unsubscribing from or subscribing to. Hackers use them to check whether the recipient's email address is valid and vulnerable to phishing attacks and other malicious activity.
The “confirmation” emails use mail subjects, such as “We_need your confirmation asap”, “Request, please confirm your unsubscription”, and “Verification.”
The email messages are rudimentary, with only colorful boxes containing links asking whether you would like to unsubscribe or subscribe.
Clicking one of the embedded subscribe/unsubscribe links causes your mail client to create a new email addressed to several different email accounts under the hacker's control.
Users who send this email think they will be unsubscribed from future emails, but in reality the spammers are using it to check whether their email addresses are valid.
A test conducted by BleepingComputer showed that responding to different confirmation emails, with either subscribe or unsubscribe, led to their newly created account being swamped with spam emails.
This test further confirmed that spammers are using these subscribe/unsubscribe emails to filter their mailing lists and to identify email accounts vulnerable to these types of scams and phishing attacks.
The best thing to do when receiving an email that asks you to subscribe or unsubscribe is to disregard it and mark it as spam.
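A mail filter can look for the link behavior described above. The following is an added example, not code from the original article: it assumes the subscribe/unsubscribe buttons are `mailto:` links, treats two or more recipients as "several" (an assumed threshold), and uses hypothetical function names and a constructed sample message.

```python
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

MIN_RECIPIENTS = 2  # assumed threshold for "several" addresses

def mailto_recipients(href):
    """Every address a mailto: URI sends to: the path plus to/cc/bcc fields."""
    parts = urlsplit(href)
    fields = [parts.path]
    for pair in parts.query.split("&"):
        key, _, value = pair.partition("=")
        if key.lower() in ("to", "cc", "bcc"):
            fields.append(value)
    addrs = set()
    for field in fields:
        # Mail clients accept both "," and ";" between addresses.
        for addr in re.split(r"[,;]", unquote(field)):
            if "@" in addr:
                addrs.add(addr.strip().lower())
    return sorted(addrs)

class MailtoCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links = []  # one recipient list per mailto: link in the body

    def handle_starttag(self, tag, attrs):
        href = (dict(attrs).get("href") or "").strip()
        if tag == "a" and href.lower().startswith("mailto:"):
            self.links.append(mailto_recipients(href))

def suspicious_mailto_links(raw_message):
    """Return recipient lists of links that would mail several addresses."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    collector = MailtoCollector()
    if body is not None:
        collector.feed(body.get_content())
    return [r for r in collector.links if len(r) >= MIN_RECIPIENTS]

# Constructed sample message (not a captured email).
SAMPLE = (
    b"From: news@sender.example\r\nSubject: Verification\r\n"
    b"MIME-Version: 1.0\r\nContent-Type: text/html; charset=utf-8\r\n\r\n"
    b'<a href="mailto:a1@collect.example,a2@collect.example'
    b'?cc=a3%40other.example&amp;subject=Unsubscribe">Unsubscribe</a>'
    b'<a href="mailto:help@sender.example">Contact</a>'
)
```

A non-empty result from `suspicious_mailto_links` is a signal to quarantine or tag the message, not proof of abuse; a single-recipient `mailto:` link such as the contact link in the sample is left alone.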
Unfortunately, there is no way to keep yourself completely protected from phishing attacks. They are inevitably going to happen. However, you can be careful about the emails, phone calls, and SMS messages that you receive and avoid clicking any suspicious links.
It is also not recommended to open any attachments or provide personal information on a pop-up screen. Authentic companies don't ask users to enter private data inside a pop-up.