If you’re reading this article, it is safe to assume that emails are, by now, like air for you –– you don’t think much about it, yet it is one of the important parts of life. Then, spam emails, too, must be as much a part of your life. More often than not, you must be hitting the “unsubscribe” button to avoid them, but turns out, there could be danger hidden in those.
The “unsubscribe scam” refers to a tactic where scammers embed malicious links in emails disguised as newsletters or promotions. Clicking on these can trigger phishing attacks, malware downloads, or flag your email as “active” for future spam.
“Nearly 1.2 per cent of all emails sent in 2025 are malicious –– that is, 3.4 billion phishing emails daily,” said Imteyaz Ansari, founder at Azmarq Technovation Private Limited, adding, “Scammers have targeted small business owners, freelancers, and older adults with the unsubscribe scam. These users tend to depend greatly on email communication but may not have sophisticated cybersecurity software.”
According to him, most victims are lured by emails disguised as billing notifications, support alerts, or service renewals. “These users often have their email addresses published on multiple platforms, making it easy for scammers to craft convincing, legitimate-looking messages,” Ansari told indianexpress.com.
According to cybersecurity firm DNSFilter, 1 in every 644 emails with an unsubscribe link is malicious, and that number is rising as scammers use social engineering to prey on email fatigue.
The Gmail unsubscribe trap
“This so-called ‘unsubscribe’ scam is a growing phishing technique,” said Nivya Ravi, director of product, BeVigil and SVigil, CloudSEK. “Cybercriminals send mass emails with bold, enticing unsubscribe buttons. But unlike legitimate opt-outs, these are traps. Clicking them doesn’t remove you from a list, it confirms your email is active and signals that you’re likely to engage,” explained Ravi.
“This confirmation can result in your email being sold on the dark web or targeted with ransomware. It’s a form of psychological manipulation, turning a user’s instinct to tidy up their inbox into a point of vulnerability,” said Ansari.
Story continues below this ad
Venky Sadayappan, director and practice head, cybersecurity, Arche, concurred, saying, “This makes your email a prime target for further phishing, malware attacks, or resale to other criminals.”
Why is clicking ‘unsubscribe’ risky?
– On clicking, users are often directed to a fake website that looks legitimate, but are aimed at stealing sensitive data.
– The click may trigger downloads of spyware, ransomware, or trojans, compromising the device.
– On clicking, users may be taken to web pages where personal or financial information is collected.
Story continues below this ad
How to distinguish between safe vs dangerous links?
Safe unsubscribe links:
– These emails come from verified and familiar domains (for example, @zomato.com, @nykaa.com)
– Appear via Gmail’s built-in ‘unsubscribe’ option that appears next to the sender’s name.
– These links do not ask for login credentials, personal information or even ask to download from a suspicious link.
– Typically redirects the user to a simple confirmation page.
Story continues below this ad
– These emails are consistent in tone, language, and design with the brand’s usual communication.
Suspicious unsubscribe links:
– These are sent from misspelled or shady-looking domains (for example, @deals-zomato.ru, @offers-dealz.online)
– Contain flashy or oversized buttons, often oddly placed or centered in the email, urging the user to click on it.
Story continues below this ad
– Redirects users to login pages, suspicious forms, and even unexpected websites.
– May feature poor grammar, broken formatting, or inconsistent branding.
– Sometimes open attachments or trigger automatic downloads.
Best practices to stay safe
Experts listed the following best practices to avoid falling prey to the unsubscribe scam.
Use trusted tools: Stick to Gmail’s built-in unsubscribe option or use email filters. Privacy-focused tools like Apple’s Hide My Email can help, but check their policies first.
Avoid risky clicks: Don’t interact with emails from unfamiliar sources. Mark them as spam and block persistent offenders.
Story continues below this ad
Strengthen account security: Enable two-factor authentication (2FA), regularly review third-party app access, and keep browsers and apps updated.
Practise inbox hygiene: Avoid using your primary email ID for random signups. Create separate folders or use aliases for shopping and subscriptions.
“In India, cybercrime cells in states like Jharkhand, Uttar Pradesh, and Haryana have been linked to email scams that begin innocently but escalate into fraud,” said Ravi.
Always think of online movements as traps that would land you in trouble. Do not click on any link unless you are sure it is safe.
The Safe Side:
As the world evolves, the digital landscape does too, bringing new opportunities—and new risks. Scammers are becoming more sophisticated, exploiting vulnerabilities to their advantage. In our special feature series, we delve into the latest cybercrime trends and provide practical tips to help you stay informed, secure, and vigilant online.
0
0
Average Rating