The danger of unsubscribing from unwanted emails

Unsubscribing from spam emails is risky because if the email turns out to be a phishing email, you can find yourself with malware and/or viruses on your device and your network. Malware and viruses make you susceptible to being hacked and breached. Furthermore, clicking on a malicious link notifies the sender that you have acted on their email and this can result in an even greater volume of spam emails than you had before you unsubscribed.

Verizon’s 2017 annual Data Breach Investigations Report (DBIR), says phishing was found in over 90% of incidents and breaches that featured a social action. But more importantly, many phishing attacks were also found to be avoidable. With this in mind, it has become worthwhile to take a few extra seconds to assess each email before opening or acting on it. 

When is it safe to use an unsubscribe link?

An unwanted email should fulfill all of the criteria below before you use an unsubscribe link. 

1. The content is something you’d expect from a recognizable business.
   • You’ve made a purchase or you’re using or have used their service before. (ie. Banking, credit cards, insurance, retail.)
   • You signed up to receive mailings or you contacted the business for information and got automatically opted in.
   • You are provided with an explanation as to how you ended up on that mailing list. 
2. The grammar and content are correct and the email is professionally styled and formatted.
   

   Hovering over links reveals questionable information. This is a phishing email.

3. The  information in the header of the email (To and Reply To fields) seems logical and related to the business when you look at the actual email address vs. the name of the sender.
4. Reply To is consistent with the rest of the email.
5. The subject and content of the email are not promising you something such as free gifts, money, free concert tickets or free gift cards – a common phishing email feature.
6. The email does not try to scare you into taking action. (ie. You will be locked out of your banking account if you do not respond)
7. The email is addressed to your full name and includes a few digits of your account number in the case of a banking or insurance email. Exception: some people subscribe to mailing lists without using their full or real name. Hopefully you’ll recall names you used for mailing lists, especially if you did not use your full or real name.
8. You hover over each link before clicking on it and nothing seems suspicious. In the screenshot below, notice that hovering over the unsubscribe link shows an address consistent with the email address of the sender. If you are uncertain of any single link, be safe rather than sorry, and do not use the unsubscribe link. 

This email reminds me I am receiving it because I signed up for Baja Fresh EClub.

When is it unsafe to use an unsubscribe link for spam emails?

It is unsafe to use any link, including the unsubscribe link, in any phishing email. If you have the slightest doubt about the authenticity of an email, delete the email and avoid the “Unsubscribe” link.

How to stop malicious, spam or phishing emails:

My answer is so simple that I’d be interested to hear from anyone with a different experience or opinion.

• The best way to stop malicious spam from coming into your inbox is to use an email provider that offers good spam filters.
  • Experiment with and tweak the settings to meet your needs. (I set up my filters to send spam directly to my junk mail folder. There is an option to automatically delete junk mail rather than send it to a spam folder, but that risks deleting a few legitimate emails so I don’t do this.)
• Set up your email account so you can preview a line or two of your emails without opening them. As you can see in the image below, there are ample clues that these emails aren’t safe to open.

• Hopefully emails such as the ones above are found only in your spam folder. However, if they are found in your inbox, move them to your spam folder without opening them so that your mail service provider can learn to move similar emails or emails from that same address directly to your spam folder next time. 
• Look over your spam folder(s) regularly to make sure non-spam emails haven’t ended up there. Then use your “select all” keys on your keyboard to select all your spam and to quickly delete them all together.

In the past, it was easy to spot a phishing email based only on unprofessional format and bad spelling and grammar. Nowadays, the overall appearance and format of many spam emails has improved dramatically. Since appearance alone can no longer be used as the basis for determining the legitimacy of an email, I’ve found it’s become more worthwhile then ever before to concentrate and pay attention to the simple task of going through my emails. It’s a nuisance taking the extra time to evaluate each email but it beats the alternative of dealing with a frustrating, costly, and time consuming problem after accidentally activating a malicious phishing email.

Until next time,… Stay Cyber Safe!