By law, companies are supposed to give you an opt-out option for unsolicited emails using an “unsubscribe” button or link. The only problem? Scammers do the exact same thing—except the button or link contains malware that will steal your personal information. Here’s a look at how to spot the difference, and whether you should even toggle “unsubscribe” at all.
How to spot a scam email
Fortunately, most email services like Gmail or Outlook have good spam-detection filters, which means you rarely see the vast majority of scam emails sent to your email address. Some spam emails still squeak through, though, either as unscrupulous promotions merely skirting anti-spam laws, or as outright scams looking to steal your personal information. Scam emails are usually pretty easy to spot:
- They use public domains like “gmail.com” or the domain is misspelled.
- The company name isn’t familiar and doesn’t show up in web search results.
- There’s a demand to click on a link, with a sense of urgency that seems unprofessional.
- The email contains lots of misspellings and strange fonts (often with poorly punctuated subject lines like “We need your confirmation asap” or “Request , please confirm your unsubscribe”).
- There’s a fake, often-oversized “unsubscribe” link or button to click on, although it can have different labels, too (“participate now!” or “click okay to start”).
Unfortunately, with scam emails, toggling an unsubscribe button or link merely confirms to the scammer that your account is active and that you’re an easy mark for more scam emails. Worse yet, these links can lead to malware (including ransomware) that will steal personal information from your computer.
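The checklist above can be turned into a rough triage script. This is an added example, not part of the original article: the word lists, the red_flags function and the sample message are all assumptions constructed for illustration. It parses a raw email and reports a public-domain sender, pressure wording in the subject, and any “unsubscribe”-style link whose host does not belong to the sender’s domain.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed, deliberately short lists; tune them for your own mail.
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}
PRESSURE = re.compile(r"\b(asap|urgent|immediately|confirm)\b", re.I)
BAIT = re.compile(r"unsubscribe|participate now|click okay", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in the body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def red_flags(raw):
    """Return a list of checklist items that the raw message trips."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    flags = []
    if sender in FREE_MAIL:
        flags.append("public-domain sender")
    if PRESSURE.search(str(msg.get("Subject", ""))):
        flags.append("pressure wording in subject")
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    for href, text in collector.links:
        host = (urlparse(href).hostname or "").lower()
        # The link is only inspected as text; nothing is ever fetched.
        if BAIT.search(text) and host != sender and not host.endswith("." + sender):
            flags.append(f"'{text}' link points to {host}, not {sender}")
    return flags

# Constructed sample message, not a real email.
SAMPLE = ('From: "Account Team" <notice.team@gmail.com>\n'
          "Subject: Request , please confirm your unsubscribe\n"
          "Content-Type: text/html\n\n"
          '<a href="http://mailer.example.net/u?id=1">UNSUBSCRIBE</a>\n')
```

Treat the output as a hint rather than a verdict: legitimate newsletters often route unsubscribe links through a third-party mailing service, so a mismatched link host matters most when it appears alongside the other flags.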
Should I avoid the unsubscribe button altogether?
As a rule: If you know and trust the company and understand why you’re receiving the email, it’s probably safe to toggle “unsubscribe” for communications that aren’t really spam (e.g., a newsletter you’ve recently stopped reading, or pesky Warby Parker follow-up emails following a purchase).
If the email is unknown, unsolicited or plain weird, keep it marked as “unread” (if possible), and report it as spam instead. Doing so will mark the email as junk, which will keep any further emails out of your inbox. Business Insider also suggests blocking individual senders, but that might not be very effective as scammers change their addresses all the time.
Also, to further protect yourself: You might want to consider a separate “throwaway” email that contains no personal information, used strictly for shopping or newsletters. That way, if spam becomes a big problem, you can simply create a new email account and start fresh.
Lastly, if you’re the victim of a scam email, consider reporting it to the FTC at ReportFraud.ftc.gov.