
Photo by Alexeynovikov via Getty
Information security companies are warning that the “unsubscribe” link has become one of the new tools used in phishing, according to Proofpoint. Instead of leading to the standard subscription management page, it may lead to a fake website designed to collect user information or steal login credentials.
The scheme looks as convincing as possible: an email arrives that resembles a typical promotional message. At the bottom is a standard phrase offering the option to unsubscribe from future emails. However, after clicking the link, the user is directed not to the sender’s official service, but to a page with a confirmation form.
Such websites may request the user’s first name, last name, phone number, email address, and other information. The information obtained allows scammers to launch more targeted attacks—such as sending personalized phishing emails, making fraudulent calls, or attempting to gain access to corporate systems.
Experts note that this scheme is particularly dangerous for companies. Employees using their work email may unwittingly disclose information about the organization’s structure, job titles, contact details, and the services it uses. This information can then be used to launch attacks against the business.
The effectiveness of this method relies on a common user reaction: frustration with a large volume of spam emails causes them to act quickly, without verifying the website address or paying attention to suspicious requests.
Cybersecurity experts recommend not clicking on “Unsubscribe” links in suspicious emails. It is safer to manually open the company’s official website or use your email service’s built-in tools to block the sender and mark the message as spam.





















