Cybercriminals are sending fake emails confirming the “unsubscribe” of an email advertising service such as form of address and email validation for future phishing and spam campaigns.
According to BleepingComputer, which had access to one of these campaigns, e-mail is quite simple. A message saying only “Please confirm your subscription or cancel your subscription. Thank you!”.
Regardless of which buttons were clicked, the email service sends an email saying “Please unsubscribe from your newsletter”, which confirms the user’s validity in several malicious emails.
BleepingComputer created a new email to test the malicious campaign. With a reset email, he replied to the email, confirming to be an active user to various addresses used in spam and phishing campaigns.
“In just a few days, our fake account [criada para testar a campanha maliciosa] was bombarded with spam emails“, reported Lawrence Abrams, editor of BleepingComputer.
Abrams recommends that anyone who receives such an email report it and send it to a spam box. “No legitimate organization will send these types of emails without further explaining what the email is referring to“he concludes.