Scammers are exploiting consumers’ loathing of spam email to send more spam email. As reported by BleepingComputer, a new scam campaign aims to verify whether the email addresses the scammers have in their database are valid and active. If they get the needed confirmation, they’ll bombard those addresses with various spam emails.
The campaign is simple in design - the victim will get a basic email with this call to action in it:
“Please confirm your Subscribe (sic) or Unsubscribe. Confirm Subscribe me! Unsubscribe me! Thank you!”
The scammers are betting most victims would press the unsub button. However, whichever option they choose, the same thing will happen. Should they indeed choose to unsub, they’ll trigger the email client to send a new email to multiple addresses, all under the scammers’ control.
The email’s only contents are “Please unsubscribe me from your newsletter,” tricking the victim into believing their efforts are legitimate. In reality, the only thing they’d be doing is confirming to the scammers that the email address is active and in use.
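As an added example (not from BleepingComputer's report or this article), here is a mail-filter check for the pattern described above, where every button composes a message to the same list of several addresses. It assumes the buttons are implemented as `mailto:` links, which the article does not state; the addresses, sample message and function names are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

class _MailtoLinks(HTMLParser):
    """Collect the href of every <a> element that uses the mailto: scheme."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") or ""
        if tag == "a" and href.lower().startswith("mailto:"):
            self.hrefs.append(href)

def recipients(href):
    """Every address a mailto: link would send to (path plus to/cc/bcc fields)."""
    parts = urlsplit(href)
    found = set(re.split(r"[,;]", unquote(parts.path)))
    for field in parts.query.split("&"):
        name, _, value = field.partition("=")
        if name.lower() in ("to", "cc", "bcc"):
            found.update(re.split(r"[,;]", unquote(value)))
    return frozenset(a.strip().lower() for a in found if a.strip())

def looks_like_address_validation(html_body, max_recipients=1):
    """True when every choice offered mails the same multi-address list."""
    parser = _MailtoLinks()
    parser.feed(html_body)
    targets = [recipients(h) for h in parser.hrefs]
    if len(targets) < 2:
        return False  # a single mailto: link is not the two-button pattern
    same_everywhere = len(set(targets)) == 1
    return same_everywhere and len(targets[0]) > max_recipients

# Constructed sample modelled on the quoted call to action; not a captured message.
SAMPLE = """<p>Please confirm your Subscribe or Unsubscribe.</p>
<a href="mailto:a@example.test,b@example.test,c@example.test?subject=Subscribe">Subscribe me!</a>
<a href="mailto:a@example.test,b@example.test,c@example.test?subject=Unsubscribe&amp;body=Please%20unsubscribe%20me%20from%20your%20newsletter">Unsubscribe me!</a>"""

# Constructed benign message: two links, each to a different single mailbox.
BENIGN = """<a href="mailto:unsubscribe@example.test">Unsubscribe</a>
<a href="mailto:support@example.test">Contact us</a>"""

if __name__ == "__main__":
    print(looks_like_address_validation(SAMPLE), looks_like_address_validation(BENIGN))
```

A hit is a reason to quarantine or tag the message for review; it does not replace sender authentication checks.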
A few days after sending this confirmation, the victim’s inbox will get flooded with spam emails.
BleepingComputer confirmed the authenticity of the campaign by “unsubscribing” using a freshly created email address. “After sending unsubscribe/subscribe responses from the new account, in only a few days our new account became bombarded with spam emails”, the publication wrote.
It was also said that these campaigns aren’t necessarily limited to spam emails - nothing prevents the scammers from deploying phishing or social engineering against the target email, which are usually more dangerous and often more difficult to spot and stop.
Security experts are warning all consumers never to click any links they receive in an email, unless they are absolutely certain of the authenticity of the sender and the legitimacy of the link. No legitimate business will ever send an empty email with just “Subscribe or Unsubscribe” options, and without further explanation.
Via: Bleeping Computer