Nobody likes to see their email inbox flooded with hundreds of pieces of junk mail and spam.
But cybersecurity experts warn that unsubscribing from all those annoying mailing lists could be putting you at serious risk.
Experts say that hackers are now using fake ‘unsubscribe’ buttons to steal your passwords and personal information.
At least one in every 644 subscription links can actually lead to a malicious website, according to an analysis by DNSFilter.
That might not sound like a large amount, but with spam emails making up around 45 per cent of all emails worldwide, that translates into a lot of dangerous links.
Jake Moore, global cybersecurity advisor at ESET, told MailOnline: ‘Criminals use links to lure in their victims and will sometimes cleverly place fake unsubscribe links in their emails to trick recipients into clicking on them.
‘But not only will this confirm that the email address is active, making it a target for more scams, it could also redirect someone to a fake website in an attempt to collect personal details or login information.
‘In extreme cases, it could even automatically download malicious software onto the device without the person’s knowledge too.’
Cybersecurity experts have warned that clicking on the ‘unsubscribe’ link in an email could be putting you at risk (stock image)
Since 2003, most businesses sending marketing emails to UK customers have been required by law to tell recipients how to opt out of future messages.
Typically, this takes the form of an ‘unsubscribe’ link at the bottom of the email which redirects the user to a website where they can opt out of the mailing list.
What makes this risky from a cybersecurity perspective is that, by clicking the link, you are leaving the protected environment of your email client and entering the open web.
Here, you are a lot less protected from malicious attacks and criminals have a lot more ways of getting to your valuable data.
In the least dangerous scenario, clicking this link simply tells the sender that your email address is active and that you are checking your messages.
Mr Moore says: ‘In most cases it will actually increase spam by confirming a live email address and that they actively read their emails.
However, in more serious cases, these fake links can have much bigger consequences.
As Mr Moore points out, you might be redirected to a ‘phishing’ website.
Experts say that criminals are using these links to lure their victims onto malicious web pages where they can steal their data (stock image)
These pages can be cleverly designed to look like the websites of legitimate businesses but are entirely designed to harvest your data.
For example, you might be asked to ‘confirm your identity’ by providing details such as your name and phone number, which can help hackers attempt more sophisticated attacks.
Alternatively, the hackers might try to steal your passwords by asking you to ‘log in’ in order to opt out of further emails.
In order to avoid these attacks, it is important to bear in mind that you can’t trust everything that arrives in your email inbox.
Tim Keanini, DNSFilter CTO, told The Wall Street Journal: ‘Trust is relative. I trust my email client, but I don’t trust what’s inside the email.’
That means you shouldn’t click on any links in an email if you don’t 100 per cent trust the person sending it to you.
Mr Moore adds: ‘Generally, messages that try to create panic or some sort of urgency are deemed ones to look out for as this is still a direct tactic used by criminals to entice a reaction.’
‘If the email looks suspicious, it’s best to avoid clicking anything in it at all.’
This is an example of a fake unsubscribe link, posing as an email from The Home Depot which was spotted by a Reddit user. Experts say it is best to avoid following any links unless you can absolutely trust the sender
But if the spam emails are clogging up your inbox and you don’t trust the unsubscribe link, there are safer ways to opt-out.
One option is to directly unsubscribe through your email client using a button which should appear at the top of the email.
For example, if you open an email in Gmail, you should see a blue ‘unsubscribe button’ at the top of the page next to the sender’s address.
Since these links are generated by your email client, they won’t contain any malicious code and should be safe to click.
If this option doesn’t appear you can also use your email filters to avoid getting any more emails from the sender without unsubscribing.
Mr Moore says: ‘It’s generally safer to mark the email as spam or junk using the email provider’s tools which helps filter similar messages in the future.
‘People can also block the sender entirely too, if they feel that isn’t working.’
By doing this, you can keep your inbox clear of junk without needing to follow any potentially risky links.
