Con Watch: The Dangers of the Unsubscribe Link

Think twice about clicking that “unsubscribe” link at the bottom of that email. You might get more than you bargained for.


Weekly Newsletter

The best of The Saturday Evening Post in your inbox!


Steve Weisman is a lawyer, college professor, author, and one of the country’s leading experts in cybersecurity, identity theft, and scams. See Steve’s other Con Watch articles.

Most of us get far more emails than we wish to receive. Much email contains solicitations and advertisements that clog up our inboxes and require constant attention to delete, which is why you may be tempted to click on the “unsubscribe” link at the bottom of the email.

Don’t do it.

While the unsubscribe link is probably safe when it comes from a company that you are sure is legitimate, you could run into serious problems if the unsubscribe link is in an email from a scammer. The problem is that when you click on the unsubscribe link, you run the risk of either inadvertently downloading malware on to your computer or providing personal information that is used to make you a victim of identity theft.

Equally troubling is the fact that when you click on an unsubscribe link, rather than reducing the amount undesired emails, you may very well end up getting more spam and malware-infected emails than ever before. In clicking the “unsubscribe” link, you just verified that your email address is legitimate. The scammer will now be sure to include it in email lists that they’ll sell to other scammers.

Some of us may be lulled into a false sense of security when it comes to potential threats sent to us electronically because we have good, strong security software on our computer as well as all of our other electronic devices such as phones, laptops and tablets. However, even if you have the best security software and install security updates on all of your devices as soon as they become available, you are not completely protected. The most expert cybercriminals are constantly exploiting previously undiscovered vulnerabilities in the software we all use. These are called Zero Day Defects, and the best security software will not protect you from them. It generally takes at least a month from the time that such defects are first used by cybercriminals until the security software companies and the makers of other software programs come up with security patches to protect you from them.

When it comes to recognizing whether an email with an unsubscribe link is legitimate and can be trusted, I urge you to remember my motto, “trust me, you can’t trust anyone.”

To determine whether or not an email is truly from a legitimate company, you can check out the email address from which it is sent. If the email address of the sender appears unrelated to the “legitimate” company from which the email appears to come, it is an indication that it is a scam.

Even if the email address of the sender appears to come from a legitimate company, you are better off just using your email provider’s option to block or mark the email as spam in order to prevent further such emails. While some cybercriminals who send mass scam emails take the lazy way out and use botnets to send the emails, other more knowledgeable cybercriminals will create email addresses that to the untrained eye appear to be legitimate. So, although it may seem like a waste of time, an effective and simple way to deal with the unsubscribe link is to ignore it and merely delete unwanted emails.

Featured image: Shutterstock

Become a Saturday Evening Post member and enjoy unlimited access. Subscribe now


  1. “Even if the email address of the sender appears to come from a legitimate company, you are better off just using your email provider’s option to block or mark the email as spam in order to prevent further such emails.”

    Talk about throwing the baby out with the bathwater. A lawyer suggests accusing emailers of a crime EVEN IF the accuser subscribed or otherwise requested the mails. That’s a horrible thing to do.

    If it’s a legitimate company sending email as part of interaction with you, then you OWE it to that company to use the unsubscribe link provided. To instead accuse them of spamming means that you are interfering with OTHER people’s enjoyment of that service, because those legitimate mailers have increasing difficulty in delivering those mails.

    Worse, it’s small companies who are harmed the most. Amazon won’t ever be harmed, but small publishers are.

    CERTAINLY when someone sends completely unsolicited messages the “spam” button is appropriate, especially (to stay on topic) the vast majority of them are scams. But not when you have requested the messages. If you no longer want them, DO click unsubscribe!

  2. Several years ago, I clicked an ad on our local newspaper’s online version. Within hours we were inundated with spam email from unrelated companies. It’s pretty sad when your local newspaper can’t be trusted.


Your email address will not be published. Required fields are marked *