Mailboxes these days are flooded with promotional emails offering crypto tips, flash sales, annoying job offers, last-minute travel deals, and miracle weight-loss cures. The most common exit route for removing these emails is the trusty “unsubscribe” link. While it may seem tempting to click that button and eliminate those promotional emails, those links aren’t always what they seem, and clicking them could put you at risk.
According to a report by The Wall Street Journal citing DNSFilter, which sells cybersecurity software, clicking on the ‘Unsubscribe link’ can expose your device and your personal information to online threats. “You’re leaving the safety of your email app and entering the wild west of the web,” warns TK Keanini, CTO at cybersecurity company DNSFilter.
The report claims that about 1 in every 644 unsubscribe clicks leads to malicious websites, and even if the link doesn’t mislead users to any phishing website, it might still confirm to scammers that your email address is active.
“Clicking tells attackers you’re a real person,” says Michael Bargury, co-founder of the security company Zenity. While it doesn’t instantly create any issue, it might lead to more spam or even attempts at online scams down the line.
In some cases, those links were found redirecting users to fake websites that ask for login information or attempt to install malware. “If it’s asking for your password just to unsubscribe, that’s a huge red flag,” Bargury says.
Since clicking on the ‘Unsubscribe link within the email can be dangerous, experts recommend alternative methods, such as using the ‘unsubscribe’ buttons built into most email apps, like Gmail or Outlook. They are usually safer as they don’t take users outside their inbox. Additionally, you can mark the email as spam.
Apple’s “Hide My Email” feature and browser extensions for Chrome and Firefox can also help keep your real email address private. Also, avoid clicking on the unsubscribe link if you don’t trust the source.