That 'Unsubscribe' Button Could Be a Trap, Researchers Warn (msn.com)
- Reference: 0178068277
- News link: https://it.slashdot.org/story/25/06/16/1935213/that-unsubscribe-button-could-be-a-trap-researchers-warn
- Source link: https://www.msn.com/en-us/public-safety-and-emergencies/health-and-safety-alerts/think-twice-before-you-click-unsubscribe/ar-AA1GoBBj
"You've left the safe, structured environment of your email client and entered the open web," TK Keanini, DNSFilter's chief technology officer, told WSJ. The risks range from confirming to bad actors that an email address belongs to an active user to redirecting victims to fake websites designed to steal login credentials or install malware. Clicking such links "can make you a bigger target in the future," said Michael Bargury, CTO of security company Zenity.
[1] https://www.msn.com/en-us/public-safety-and-emergencies/health-and-safety-alerts/think-twice-before-you-click-unsubscribe/ar-AA1GoBBj
Not only that... (Score:3)
But you have now proven the validity of that e-mail address which raises the worth of that address by some degree.
I have always trained our users to utilize the mail client block filter for spam or other unwanted list subscriptions.
Re:Not only that... (Score:5, Insightful)
If you put me on your list without asking, why should I trust you to take me off the list?
Block, always block.
Re: Not only that... (Score:2)
Or, if you have the skills, hack the spammer, unsubscribe yourself and burn their digital spamming infrastructure.
Re: (Score:2)
There is an even better solution thanks to modern password managers.
Create a unique email address for each person or company you provide with your email address
The moment you want to unsubscribe.. Turn off the destination email address entirely, and all messages will bounce with a 550 error.
This also helps with annoying data brokers selling lists with your address AND database access to certain tools where you type in a phone number or name and address, and the database spits out what email address
Re: Not only that... (Score:2)
Proton Pass to the rescue.
Re: (Score:2)
I use yopmail.com for a lot of truly throwaway stuff. I bookmark the account in my browser.
Be aware: the site itself is riddled with ads, which are easily blocked. But the way it works is you don't have to give it any information about yourself, not your name, not your phone number, nor an email. You get a URL to check your inbox, it's all wide open of course, anyone with the URL can ready your email. It's good for those sites that insist on an email address to access features. Once you get that first "veri
Re: Not only that... (Score:2)
The only ones I ever hit unsubscribe on are emails from politicians, and the link never works, just returning an error. Fortunately they excluded themselves from the CAN-SPAM act, so they don't need it to work anyways. You can block them, but they inevitably get a new domain at some point. So you just keep getting emails about them trying to create outrage over some issue you don't care about in some state or city that you've never been to.
Some devious sites say 'Unsubscribe', but (Score:1)
the unsubscribe button is a trap whose fine print says, 'does not unsubscribe, but take you to a sponsor site' probably full of spyware cookies, that are difficult to delete.
So, beware; I just use Goggle tool, Report spam/unsubscribe Option.
Re: (Score:2)
If someone really has to Unsubscribe, DO IT IN A PRIVATE SESSION (aka Porn Mode).
I find it simply incredible (Score:5, Informative)
That this isn't a common thought. The only thing I thought of when I read that headline was 'No Shit!'.
Re: (Score:3)
This was known 25 years ago.
Re: (Score:3)
Indeed, i haven't dared to click an unsubscribe link in years unless i'm extremely sure it's from a reliable organization....
Re: (Score:1)
The author is a freelancer with a degree in Anthropology.
Re: (Score:2)
As someone that provides support for consumer email accounts, I am slightly surprised when I talk to a customer that already understood this. I don't think this would be the place it needs to be brought, but I'm glad to see this knowledge make the rounds every now and then.
Misfiled (Score:3)
This story should from the "no-shit-sherlock" dept.
Re: Misfiled (Score:2)
no-click-on-shit-sherlock
Re: (Score:2)
> This story should from the "no-shit-sherlock" dept.
I came for this post and did not leave unsatisfied.
No kidding (Score:2)
I once tried the experiment of unsubscribing to every unwanted email. Each time I did so, I got more unwanted email. Eventually it was expanding exponentially and I had to close out that email address.
From which I concluded that :"unsubscribe" really means "please add me as a target of spam".
Hello? Anyone there? (Score:2)
We've already known for decades that the real purpose of the unsubscribe button is to let the spammer know that there's an active user at the end of the line so that they can start sending more spam.
Wow (Score:2)
> DNSFilter found that one in every 644 clicks on unsubscribe links leads users to potentially malicious websites.
I'm stunned that the percentage is so low!
ONLY 1 in 644? (Score:1)
Are you sure it's not 1 in 6.44?
If you use gmail (Score:2)
This isn't advice for slashdotters, all of you will have your own approaches, many quite sophisticated. But , if you have family or friends who use gmail and want a simple suggestion that they can easily understand and follow, and from which they'll get results that are about as good (and maybe better), tell them to click the "report spam" button instead of using the unsubscribe link. If Google believes the unsubscription flow to be legitimate, gmail will prompt with a popup that asks if they want to unsub
No shit (Score:2)
Don't click on any links within a spam email.
At best is simply notifies them that the email is live. At worst, who knows?
If your mail app doesn't support marking these as spam, get a better app.
'Get Updates' pop-up (Score:2)
A number of sites have pop-ups to 'get updates', presumably through the browser. (No email entered.)
I'm curious how this isn't exploited? Where the 'No Thanks' button isn't reversed, or both actually subscribe you?
I'll often avoid clicking on it altogether if I can...would prefer if there was an 'X' to close the pop-up. But those should be shut down completely by browsers too.
OMFG! (Score:2)
What year is it?!
This "new" has been known for over a decade!
to me it goes beyond that (Score:1)
I have my e-mail client set to "not load remote content in messages". So they do not even know if I got it. The "load Remote Content" dialogue box appears in almost every e-mail I get. But that's MY choice. :)
Always check the hyperlink (Score:2)
And you'll be fine. If it's coming from a different domain and you don't trust it, don't click on it.
So (Score:2)
Don't click on anything
except the close button
Oh wait, that might even be a trap
Re:So [Captain obvious is calling] (Score:2)
My reaction to the story was "Tell us something we didn't know." News is supposed to have some element of novelty in it. You know, novelty as in new .
However, I think the phishing scams disguised as fake upgrades are more annoying, and probably more dangerous, since the sucker is primed to expect something to get installed. As regards this story I thought there might be an element of novelty in it. Perhaps a new scammer's pitch to enter your credit card number to validate the unsubscribe request? Something a
Re: (Score:2)
Yeah, this isn't anything new. It's a link with a UUID embedded in it and confirms that the email address is a real one and an active one. Unsubscribing using their link is a bad idea and has been a bad idea for *decades*. Just mark it as spam and move on. The potential for the link to contain malware is nothing new.
I'm not sure that I agree with sending them to the new prison in El Salvador. That place is inhumane. As much as I hate spammers, I do think we need to treat criminals with a degree of humanity.
Re:So (Score:4, Funny)
For some reason, your post made me think of the following exchange from The IT Crowd .
Moss: My mum always says, you should never open the door.
Jen: What do you mean?
Moss: An unopened door is a happy door. So we never answer ours when someone knocks.
Jen: What, so you all just sit there?
Moss: Yes.
Jen: So the doorbell goes and you all just sit there until the person goes away?
Moss: Yes.
Jen: What if it's important? What if it's good news?
Moss: This is London, Jen. It's not someone with cake! Unless that cake is made of dog poo and knives!