Unsubscribing from that email may just lead to further spam

(Image credit: Image Credit: Geralt / Pixabay)

Scammers are using consumer loathing towards spam email to - send more spam email. As reported by BleepingComputer, a new scam campaign aims to verify if the email the scammers have in their database is valid and active. If they get the needed confirmation, they’ll bombard it with various spam emails.

The campaign is simple in design - the victim will get a basic email with this call to action in it:

“Please confirm your Subscribe (sic) or Unsubscribe. Confirm Subscribe me! Unsubscribe me! Thank you!”

The scammers are betting most victims would press the unsub button. However, whichever option they choose, the same thing will happen. Should they indeed choose to unsub, they’ll trigger the email client to send a new email to multiple addresses, all under the scammers’ control.

Spam scam

The email’s only contents are “Please unsubscribe me from your newsletter,” tricking the victim into believing their efforts are legitimate. In reality, the only thing they’d be doing is confirming to the scammers that the email address is active and in use.

A few days after sending this confirmation, the victim’s inbox will get flooded with spam emails.

BleepingComputer confirmed the authenticity of the campaign by “unsubscribing” using a freshly created email address. “After sending unsubscribe/subscribe responses from the new account, in only a few days our new account became bombarded with spam emails”, the publication wrote.

It was also said that these campaigns aren’t necessarily limited to spam emails - nothing prevents the scammers from deploying phishing or social engineering against the target email, which are usually more dangerous and often more difficult to spot and stop.

Security experts are warning all consumers never to click any links they receive in an email, unless they are absolutely certain of the authenticity of the sender and the legitimacy of the link. No legitimate business will ever send an empty email with just “Subscribe or Unsubscribe” options, and without further explanation.

Via: Bleeping Computer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.