Scammers use fake 'unsubscribe' spam emails to confirm valid email accounts to be used in future phishing and spam campaigns.
For some time, spammers have been sending emails that simply ask if you wish to unsubscribe or subscribe. These emails do not explain what you are unsubscribing or subscribing to and are being used by spammers to verify if the recipient's email is valid and susceptible to phishing scams and other malicious activity.
The "confirmation" emails use mail subjects, such as "We_need your confirmation asap", "Request , please confirm your unsubscription", and "Verification."
The email messages are very basic, with just colorful boxes containing links asking whether you would like to unsubscribe or subscribe, as shown below.
If you click on the embedded subscribe/unsubscribe links, it will cause your mail client to create a new email that will be sent to many different email addresses under the spammer's control.
When users send the above email, they expect to be unsubscribed from further emails. However, they are actually verifying for the spammers that their email address is valid and being monitored.
Responding leads to more spam
As a test, BleepingComputer created a new email address that we never used on any website or service. Using this email address, we responded to various confirmation emails that we received on another email account.
After sending unsubscribe/subscribe responses from the new account, in only a few days our new account became bombarded with spam emails.
This test further confirmed that spammers are using these subscribe/unsubscribe emails to refine their mailing lists and verify email addresses susceptible to these types of scams and phishing attacks.
If you receive an email that just simply asks you to subscribe or unsubscribe, ignore it and mark it as spam.
No legitimate organization will send these types of emails without further explaining what the email is referencing.
Comments
Sam Gunn - 2 years ago
Hey Lawrence, try doing this. Set up a virtual machine. On the VM, set up a fake email account. You can do that with Thunderbird. Make it look like mickeymoose@bleppingkompater.com. Or something like that. Make sure that the domain doesn't exist. Next, transfer a spam email to your VM. Then click unsubscribe. They will then try to send you spam emails. But if the email address doesn't exist, they will all be going back to the sender.
I don't know if they will be seeing the spam emails. I think most spam emails come from fake email accounts. So they might not get the emails in their inbox.
You can do the same if you get an email claiming to be from Amazon. Copy the link, post it in a VM, and then enter fake account name, and password. Do that a few dozen times. That will take up the scammers time.