Scammers are taking advantage of people’s dislike of spam email to send more spam email.
According to BleepingComputer, a new fraud campaign tries to test whether the scammers’ email database has valid and active email addresses.
If they receive the required confirmation, they will spam it with a variety of spam emails.
The campaign is basic in design; the victim will receive a simple email with the following call to action:
“Please confirm your Subscribe (sic) or Unsubscribe. Confirm Subscribe me! Unsubscribe me! Thank you!”
If you click on the embedded subscribe/unsubscribe links, your mail client will generate a new email that will be forwarded to a large number of different email addresses controlled by the spammer.
Users should expect to be unsubscribed from future communications if they send the above email.
They are, however, confirming for the spammers that their email address is real and under surveillance.
The victim’s inbox will be bombarded with spam emails a few days after receiving this confirmation.
By “unsubscribing” with a newly established email address, BleepingComputer verified the campaign’s legitimacy.
After sending unsubscribe/subscribe responses from the new account, our new account was flooded with spam emails in just a few days, BleepingComputer reported.
It was also said that these operations aren’t restricted to spam emails; nothing prevents scammers from using phishing or social engineering against the target email, which are sometimes more hazardous and difficult to detect and stop.
Consumers should never click any links they receive in an email unless they are fully certain of the sender’s validity and the link’s integrity, according to security experts.
No legitimate company will ever send an email with only the alternatives to “Subscribe or Unsubscribe” and not providing further information.
Also read: Microsoft warns about phishing attack by Nobelium group spoofing USAID
You might also like: FBI will share compromised passwords with Have I Been Pwned
You might also like: Malvertised Fake AnyDesk: Trojanized AnyDesk found on Google Ads
You might also like: Forget DARK WEB. Telegram is the new marketplace for illegal activities and cybercrime