Don’t fall for unsubscribe email scam
CLICKING “unsubscribe” on unwanted emails has become increasingly dangerous as online activity and scam reports multiply.
Data from the Australian Competition & Consumer Commission’s Scamwatch shows complaints about identity theft and phishing leapt 130 per cent in March compared with a year ago.
The unsubscribe button can be a fraudster’s ticket to steal your data and identity, but cybersecurity specialists say there is a simple way to stop the scammers.
Cybersecurity agency Proofpoint’s area vice-president, Crispin Kerr, said fraudulent emails were one of the most cost-effective strategies for criminals, who have been busy during the pandemic as a majority of Australians worked remotely. “Email has become a very busy, clogged channel, with people receiving an exceedingly high volume of emails every day,” he said.
“In some cases, cybercriminals can get their hands on your email address and send unsolicited emails. When people click on an unsubscribe link, they are taken to a page where their personal information can be stolen, as well as details related to their location and browser information.”
Scamwatch data shows in March alone there were almost 23,000 scam reports, including 5342 focused on phishing and 1917 on identity theft.
Instead of clicking on unsubscribe links in emails from unfamiliar organisations, consumers can simply mark them as spam on their computer. This should identify them as junk and potentially stop other emails from the same sender landing in their inbox.
KnowBe4 security awareness advocate Jacqueline Jayne said organisations had been busy dealing with the pandemic and managing their people remotely, and “seem to have forgotten about cybersecurity”.
“Outside of work, our interactions online have increased 10-fold thanks in part to COVID-19, which means the risk of falling victim to a cyberattack have increased the same,” she said.
Proofpoint’s Mr Kerr said people should never trust emails from unsolicited senders that asked them to follow a link or download an attachment.