Experts warn that this familiar action could be the door to fall into a scam by hackers, leading to personal theft or malware attacks.
In an e-commerce environment that is already full of promotional emails or junk letters, many people have the habit of pressing the words "Click here to cancel registration" to clean up the mailbox. However, according to security expert Keanini, Chief Technology Officer (CTO) of DNSFilter Technology and Security Company, this means you have left the email security environment to switch to an external website that may contain malicious or fake code.
Statistics from DNSFilter show that for every 644 clicks on a registration cancellation link, at least one is led to a malicious website. Worse, such clicks also help attackers confirm that the email address you are using is real and working. This makes you a potential target for more complex scams in the future.
Michael Bargury, technology director of security firm Zenity, explained that when an email address is confirmed to be "lived", hackers can plan to collect more personal data and build records for social-technical attacks, such as account fraud or even blackmail.
One of the sophisticated tricks is creating fake websites that require users to re-entry their email address or password to complete the registration cancellation process.
Technology expert Bargury warns: "If a website requires you to provide a password to unregister, never do it."
Instead, users should personally access the official website of the email sending organization to change the received letter settings.
Security experts recommend that users should take advantage of the "cancel subscription" buttons in the email header, also known as list-unsubscribe headers. This is a feature provided by major email services such as Gmail or Outlook, helping to refuse to receive letters without having to open links to external websites.
In case there is no safety option, mark an email as spam or set the filter to automatically transfer similar emails into the trash bin. Another preventive measure is to use disposable email addresses, or anonymous email creation services such as Apple's "hidden email", to protect online identities and better control channels.
