If you click an “unsubscribe” button on a no-longer-wanted email, the sender can immediately learn your email software, browser choice and operating system.
NEW YORK – Question: When is it safe to use the unsubscribe button on email that I don’t want to get anymore?
Answer: There are so many ways for your email address to get on a mailing list, and how you got added is the primary key to deciding if the unsubscribe button is safe.
Unfortunately, malicious cyber thieves have long used what appears to be a legitimate message with an unsubscribe option to perpetrate a variety of scams and attacks.
Do you know the organization? If you’ve done business with a company or if you specifically signed up for a newsletter or other forms of correspondence from the organization, then the unsubscribe option is safe.
If you’ve never heard of the company and you never subscribed in the first place, then clicking on the unsubscribe button in the message can be risky.
Why unsubscribe buttons can be risky: In the past, the unsubscribe button was simply used by spammers to get you to validate your email address so they could sell it to other spammers. Not only does it validate that your address is in active use, it also shows the spammers that you opened the message and read it.
When an unsubscribe button leads to a website, the scammers can gather additional info such as your general location, which browser you’re using, and whether you are running Windows or macOS. This can help them determine the best way to try additional exploits based on the software you are using for email, your browser choice and your operating system.
Most scam websites likely will attempt to place a tracking cookie on your computer, which allows them to identify you when you visit any of their websites.
The biggest risk: Today’s scammers and cyber thieves are very sophisticated and tend to use blended attacks, which means they don’t try just one thing. One of the most dangerous things that can happen if you click on a rigged unsubscribe button is that the rigged website can attempt to exploit known vulnerabilities that you may not have patched.
Keep in mind that they can easily know which operating system and browser you’re using, and the attack can be customized to your specific setup.
This is why the constant harping from the tech world to keep EVERYTHING updated is so important, especially your operating system and browsers in this case.
Use the spam option: The best way to deal with unsolicited messages is to bypass the unsubscribe button and mark the message as spam in your email program.
This will cause future messages from that specific sender to be sent to your junk folder and will help improve the spam tracking systems that help everyone.
When not to use the spam tool: If you mark something as spam from a company that you do business with, especially if you care about them, it can negatively impact that company.
Legitimate companies that you know you’ve done business with would appreciate that you use the unsubscribe button, but when in doubt, spam it out!