Specialists in ciberseguridad have raised the alarm over a scam that arrives by email and, with just one click, can empty bank accounts or expose sensitive data. The most common hook It is a supposed link for "cancel subscription" at the bottom of promotional messages.
The technique abuses everyday habits: cleaning your inbox and unsubscribing from annoying lists. According to DNSFilter, one in every 644 clicks in unsubscribe links leads to a malicious site, opening the door to password theft or the installation of malicious software.
How mail scams work
Attackers send messages that mimic real brands or services, with logos, colors and styles very similar to the official ones. At the bottom they place a button "cancel subscription" which, when pressed, redirects to a page that impersonates to the authentic site.
Once there, you are invited to enter user and password, answer security questions or facilitate bank codes. It is also common that, without the user noticing, an attempt is made to download malware to spy on your computer or take remote control. To better understand how to defend yourself, you can check out our article on Cryptocurrency scams and how to protect yourself.
This scheme is a case of Phishing supported on social engineering: exploits the user's haste and confidence in routine processes. The objective is not always immediate; they often seek validate the email account for future fraud or identity theft campaigns.
Devices with outdated antivirus or without additional protection are especially vulnerable, as simply accessing the fake domain can execute malicious payloads in the background.
What attackers are after and why it is dangerous
The main purpose is to capture financial credentials and access online banking to make unauthorized transfers or password changes that block the victim.
With the data obtained, criminals can also check active addresses, segment victims to increase the effectiveness of future campaigns and orchestrate digital identity hijackings more elaborate
Even when no data is entered, an infection with malware can allow keystroke recording, intercepting single-use codes or install rear doors to facilitate new access.
How to identify and avoid scams
If the email raises doubts, the safest thing is do not click on the unsubscribe link. Instead, manually access the service's official website from your browser and manage the subscriptions from there.
- Check the sender: Look for spelling mistakes, strange domains, or addresses that don't match the brand.
- Be wary of irregular formats, messages with urgencia excessive or unbelievable promises.
- Install and keep your antivirus and activates a DNS filtering to block pages identified as dangerous.
- Activate the multi-factor authentication (MFA) in banking and critical services to add an extra layer of protection.
- Check frequently movements of your accounts and set alerts for sensitive transactions.
Digital hygiene and warning signs
Keep the operating system and updated applications reduce the gaps that malware attempts to exploit during these campaigns.
Disables the automatic download of files in email whenever possible and limit the execution of attachments or scripts from dubious sources.
When faced with a repetitive and annoying email, prioritize methods of unsubscribing within the official count of the service instead of using links embedded in the received message.
If you have clicked and suspect exposure, immediately change your Passwords, close active sessions, perform a scan with your antivirus and contact your banking entity to block movements.
Combining fake unsubscriptions, convincing visual spoofing and silent malware installation has turned these emails into a real threat; the caution when pressingThe use of security tools and manual checks are the best way to prevent these maneuvers from resulting in unauthorized access and compromised balances.