Cybersecurity experts warn clicking "unsubscribe" in emails could steal your data
- Cybersecurity experts warn that clicking on unsubscribe links in spam emails can expose passwords and financial data, or infect devices with malware.
- One in 644 unsubscribe links leads to a malicious site, with spam making up 45% of global email traffic.
- Hackers exploit fake unsubscribe links to confirm active emails, redirect to phishing sites, or install malware silently.
- Fake unsubscribe pages mimic legitimate businesses, tricking users into surrendering personal data for identity theft or ransomware.
- Experts recommend using email client tools (like Gmail’s unsubscribe button) or marking spam instead of clicking links.
In an era of relentless digital spam, the "unsubscribe" button at the bottom of promotional emails may seem like a harmless escape hatch. However, cybersecurity experts are sounding the alarm: clicking that link could hand hackers your passwords, financial details, and even control of your device.
Shockingly, at least one in every 644 unsubscribe links leads to a malicious website, according to DNSFilter, a cybersecurity firm. With spam making up 45% of global email traffic, millions are unknowingly walking into a trap designed by criminals exploiting basic inbox hygiene.
How the scam works
Most businesses are legally required to include an unsubscribe option in their marketing emails, but hackers have weaponized this convenience. Jake Moore, global cybersecurity advisor at ESET, warns: "Criminals use links to lure in their victims and will sometimes cleverly place fake unsubscribe links in their emails to trick recipients into clicking on them." These links don’t just remove you from a mailing list; they confirm to the sender that your email address is active, which invites more spam, redirect you to phishing sites, or silently install malware.
The danger escalates once you leave the relative safety of your email client. Tim Keanini, DNSFilter’s CTO, told The Wall Street Journal: "Trust is relative. I trust my email client, but I don’t trust what’s inside the email." Fake unsubscribe pages often mimic legitimate businesses, prompting users to "confirm" personal data or log in, effectively handing criminals everything they need for identity theft or ransomware attacks.
Why hackers love your inbox
At minimum, clicking a malicious unsubscribe link tells scammers you’re an engaged target. "In most cases, it will actually increase spam by confirming a live email address," Moore explains. But the worst-case scenarios are far darker:
- Phishing traps: Fake login pages harvest credentials for banking, social media, or corporate accounts.
- Malware downloads: Some links trigger silent software installations, turning your device into a botnet slave.
- Data auctions: Stolen emails and passwords are sold on the dark web, fueling future fraud.
One Reddit user recently exposed a fake unsubscribe link disguised as a Home Depot email, proving that even trusted brands can be impersonated.
How to unsubscribe safely
The good news? You can declutter your inbox without risking your security. Experts recommend these alternatives:
- Use your email client’s built-in unsubscribe tool. Gmail, Outlook, and Apple Mail provide buttons at the top of promotional emails (e.g., Gmail’s blue "unsubscribe" option). These are vetted and don’t expose you to external sites.
- Mark as spam. Moore advises: "It’s generally safer to mark the email as spam or junk using the email provider’s tools." This trains filters to block similar messages.
- Block the sender entirely. If an email looks suspicious, avoid interaction altogether.
- For high-risk users (business leaders, journalists, activists), setting up a separate "spam" email account for subscriptions keeps primary inboxes clean and secure. Apple’s "Hide My Email" and browser-based alias tools add another layer of protection.
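For readers who triage reported mail, here is an added example (not part of the original article) that inspects a message without opening any link: it finds links labelled "unsubscribe" and compares each host with the From domain and with the List-Unsubscribe header (RFC 2369), the header in which a sender declares its unsubscribe address. The sample message, its domains, and the names `LinkCollector` and `audit_unsubscribe_links` are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every domain is a placeholder.
SAMPLE = """\
From: Example Store <deals@shop.example>
List-Unsubscribe: <https://shop.example/unsub?id=123>, <mailto:unsub@shop.example>
Content-Type: text/html; charset="utf-8"

<html><body><a href="https://shop.example/sale">Shop now</a>
<a href="http://shop-example.unsub-center.test/confirm?e=reader">Unsubscribe</a></body></html>
"""

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def audit_unsubscribe_links(raw):
    """Return (href, reasons) for each link whose text says 'unsubscribe'."""
    msg = message_from_string(raw, policy=policy.default)
    sender = msg["From"].addresses[0].domain.lower()
    declared = str(msg.get("List-Unsubscribe", "")).split(",")  # RFC 2369 header
    header_hosts = {urlparse(u.strip(" <>")).hostname for u in declared} - {None}
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    findings = []
    for href, text in collector.links:
        if "unsubscribe" not in text.lower():
            continue
        host = (urlparse(href).hostname or "").lower()
        reasons = []
        if host != sender and not host.endswith("." + sender):
            reasons.append("host differs from From domain")
        if header_hosts and host not in header_hosts:
            reasons.append("host not in List-Unsubscribe header")
        findings.append((href, reasons))
    return findings
```

A mismatch is a reason to look closer, not proof of fraud: legitimate senders often route unsubscribes through a third-party mailing service, and the From address itself can be forged.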
This scam is part of a broader assault on digital autonomy. Corrupt corporations and cybercriminals alike profit from harvesting personal data, whether it's through shady unsubscribe traps or covert tracking pixels. Vigilance is non-negotiable. As Moore warns: "If the email looks suspicious, it’s best to avoid clicking anything in it at all."
Your inbox shouldn’t be a minefield. By ditching risky unsubscribe clicks in favor of email client tools or spam filters, you reclaim control without sacrificing security. In a world where "trust" is a hacker’s favorite disguise, skepticism is your best defense. Stay alert, verify links, and remember: the easiest path, like that tempting unsubscribe button, can be the most dangerous.