By law, companies are supposed to offer you an unsubscribe option for unsolicited emails using an “unsubscribe” button or link. The only problem? The crooks do the exactly the same—Unless the button or link contains malware that will steal your personal information. Here’s a rundown of how to spot the difference and whether you should even toggle “unsubscribe” at all.
How to spot a fraudulent email
Fortunately, most email services like Gmail or Outlook have good spam detection filters, which means the vast majority of scam emails sent to your email address are rarely seen. However, some spam continues to pass, either as unscrupulous promotions simply bypassing anti-spam laws, or outright scams that seek to steal your personal information. With scam emails, they’re usually pretty easy to spot:
- They are using public domains such as “gmail.com” or the domain is misspelled.
- The company name is unfamiliar and does not appear in web search results.
- There is a request to click on a link, with a sense of urgency that doesn’t sound professional.
- The email contains lots of misspellings and weird fonts (often with poorly punctuated subject lines like “We need your confirmation ASAP” or “Request, please confirm unsubscribe”).
- There is a fake link or often oversized “unsubscribe” button to click on, although it may also have different labels (“join now!” Or “click okay to start”).
Unfortunately, with scam emails, activating an unsubscribe button or link simply confirms to the scammer that your account is active and that you are an easy target for more scam emails. Worse yet, these links may contain malware (including ransomware) which will steal personal information from your computer.
Should I completely avoid the unsubscribe button?
As a general rule: if you know and trust the company and understand why you are receiving the email, it is probably safe to toggle “unsubscribe” for communications that are not really spam (for example, a newsletter that you recently stopped reading or emails from. pesky follow-up from Warby Parker after a purchase).
If the email is unknown, unsolicited, or just plain weird, keep it marked as “unread” (if possible) and report it as spam instead. This will mark the email as spam, which will keep any other email out of your inbox. Business Insider also suggests block individual senders, but it might not be very effective as the crooks change their address all the time.
Additionally, to further protect yourself: you may want to consider a separate “throwaway” email that does not contain any personal information, used strictly for shopping or newsletters. That way if spam becomes a big deal, you can just create a new email account and start from scratch.
Finally, if you are the victim of a fraudulent email, be sure to report it to the FTC at Report Fraud.ftc.gov.