Premium

The ‘unsubscribe’ button trap: Why your inbox declutter could be a cyberattack

Unsubscribe button scam: What seems like a harmless attempt to declutter your inbox could quietly open a door to cyber trouble. In this week’s The Safe Side, we unpack a rising scam exploiting something as simple, and seemingly helpful, as the “unsubscribe” button.

The “unsubscribe scam” refers to a tactic where scammers embed malicious links in emails disguised as newsletters or promotions. (Express Image/FreePik)

If you’re reading this article, it is safe to assume that emails are, by now, like air for you –– you don’t think much about it, yet it is one of the important parts of life. Then, spam emails, too, must be as much a part of your life. More often than not, you must be hitting the “unsubscribe” button to avoid them, but turns out, there could be danger hidden in those.

The “unsubscribe scam” refers to a tactic where scammers embed malicious links in emails disguised as newsletters or promotions. Clicking on these can trigger phishing attacks, malware downloads, or flag your email as “active” for future spam.

“Nearly 1.2 per cent of all emails sent in 2025 are malicious –– that is, 3.4 billion phishing emails daily,” said Imteyaz Ansari, founder at Azmarq Technovation Private Limited, adding, “Scammers have targeted small business owners, freelancers, and older adults with the unsubscribe scam. These users tend to depend greatly on email communication but may not have sophisticated cybersecurity software.”

Also Read | ‘They knew my policy number’: The rise of fake insurance agents and how to spot them

According to him, most victims are lured by emails disguised as billing notifications, support alerts, or service renewals. “These users often have their email addresses published on multiple platforms, making it easy for scammers to craft convincing, legitimate-looking messages,” Ansari told indianexpress.com.

According to cybersecurity firm DNSFilter, 1 in every 644 emails with an unsubscribe link is malicious, and that number is rising as scammers use social engineering to prey on email fatigue.

The Gmail unsubscribe trap

“This so-called ‘unsubscribe’ scam is a growing phishing technique,” said Nivya Ravi, director of product, BeVigil and SVigil, CloudSEK. “Cybercriminals send mass emails with bold, enticing unsubscribe buttons. But unlike legitimate opt-outs, these are traps. Clicking them doesn’t remove you from a list, it confirms your email is active and signals that you’re likely to engage,” explained Ravi.

“This confirmation can result in your email being sold on the dark web or targeted with ransomware. It’s a form of psychological manipulation, turning a user’s instinct to tidy up their inbox into a point of vulnerability,” said Ansari.

Story continues below this ad

Venky Sadayappan, director and practice head, cybersecurity, Arche, concurred, saying, “This makes your email a prime target for further phishing, malware attacks, or resale to other criminals.”

Why is clicking ‘unsubscribe’ risky?

– On clicking, users are often directed to a fake website that looks legitimate, but are aimed at stealing sensitive data.

– The click may trigger downloads of spyware, ransomware, or trojans, compromising the device.

– On clicking, users may be taken to web pages where personal or financial information is collected.

Story continues below this ad

How to distinguish between safe vs dangerous links?

Safe unsubscribe links:

– These emails come from verified and familiar domains (for example, @zomato.com, @nykaa.com)

– Appear via Gmail’s built-in ‘unsubscribe’ option that appears next to the sender’s name.

– These links do not ask for login credentials, personal information or even ask to download from a suspicious link.

– Typically redirects the user to a simple confirmation page.

Story continues below this ad

– These emails are consistent in tone, language, and design with the brand’s usual communication.

Also Read | Can you trust what you see? How AI videos are taking over your social media

Suspicious unsubscribe links:

– These are sent from misspelled or shady-looking domains (for example, @deals-zomato.ru, @offers-dealz.online)

– Contain flashy or oversized buttons, often oddly placed or centered in the email, urging the user to click on it.

Story continues below this ad

– Redirects users to login pages, suspicious forms, and even unexpected websites.

– May feature poor grammar, broken formatting, or inconsistent branding.

– Sometimes open attachments or trigger automatic downloads.

Best practices to stay safe

Experts listed the following best practices to avoid falling prey to the unsubscribe scam.

Use trusted tools: Stick to Gmail’s built-in unsubscribe option or use email filters. Privacy-focused tools like Apple’s Hide My Email can help, but check their policies first.

Avoid risky clicks: Don’t interact with emails from unfamiliar sources. Mark them as spam and block persistent offenders.

Story continues below this ad

Strengthen account security: Enable two-factor authentication (2FA), regularly review third-party app access, and keep browsers and apps updated.

Practise inbox hygiene: Avoid using your primary email ID for random signups. Create separate folders or use aliases for shopping and subscriptions.

“In India, cybercrime cells in states like Jharkhand, Uttar Pradesh, and Haryana have been linked to email scams that begin innocently but escalate into fraud,” said Ravi.

Always think of online movements as traps that would land you in trouble. Do not click on any link unless you are sure it is safe.

The Safe Side:
As the world evolves, the digital landscape does too, bringing new opportunities—and new risks. Scammers are becoming more sophisticated, exploiting vulnerabilities to their advantage. In our special feature series, we delve into the latest cybercrime trends and provide practical tips to help you stay informed, secure, and vigilant online.

Ankita Deshkar

Ankita Deshkar is a Deputy Copy Editor and a dedicated fact-checker at The Indian Express. Based in Maharashtra, she specializes in bridging the gap between technical complexity and public understanding. With a deep focus on Cyber Law, Information Technology, and Public Safety, she leads "The Safe Side" series, where she deconstructs emerging digital threats and financial scams. Ankita is also a certified trainer for the Google News Initiative (GNI) India Training Network, specializing in online verification and the fight against misinformation. She is also an AI trainer with ADiRA (AI for Digital Readiness and Advancement) Professional Background & Expertise Role: Fact-checker & Deputy Copy Editor, The Indian Express Experience: Started working in 2016 Ankita brings a unique multidisciplinary background to her journalism, combining engineering logic with mass communication expertise. Her work often intersects regional governance, wildlife conservation, and digital rights, making her a leading voice on issues affecting Central India, particularly the Vidarbha region. Key focus areas include: Fact-Checking & Verification: As a GNI-certified trainer, she conducts workshops on debunking deepfakes, verifying viral claims, and using OSINT (Open Source Intelligence) tools. Cyber Law & IT: With postgraduate specialization in Cyber Law, she decodes the legalities of data privacy, digital fraud, and the evolving landscape of intellectual property rights. Public Safety & Health: Through her "The Safe Side" column, she provides actionable intelligence on avoiding "juice jacking," "e-SIM scams," and digital extortion. Regional Reporting: She provides on-ground coverage of high-stakes issues in Maharashtra, from Maoist surrenders in Gadchiroli to critical healthcare updates and wildlife-human conflict in Nagpur. Education & Credentials Ankita is currently pursuing her PhD in Mass Communication and Journalism, focusing on the non-verbal communication through Indian classical dance forms. Her academic foundation includes: MA in Mass Communication (RTM Nagpur University) Bachelors in Electrical Engineering (RTM Nagpur University) Post Graduate Diploma (PGTD) in Cyber Law and Information Technology Specialization in Intellectual Property Rights Recent Notable Coverage Ankita’s reportage is recognized for its investigative depth and emphasis on accountability: Cyber Security: "Lost money to a scam? Act within the 'golden hour' or risk losing it all" — A deep dive into the critical window for freezing fraudulent transactions. Public Health: "From deep coma to recovery: First fully recovered Coldrif patient discharged" — Investigating the aftermath of pharmaceutical toxins and the healthcare response. Governance & Conflict: "Gadchiroli now looks like any normal city: SP Neelotpal" — An analysis of the socio-political shift in Maoist-affected regions. Signature Beat Ankita is best known for her ability to translate "technical jargon into human stories." Whether she is explaining how AI tools like MahaCrimeOS assist the police or exposing the dire conditions of wildlife transit centres, her writing serves as a bridge between specialized knowledge and everyday safety. Contact & Follow X (Twitter): @ankita_deshkar Email: ankita.deshkar@indianexpress.com ... Read More